JP
MOCO
Cyber Threat Intelligence Analyst writing about APT tracking, OSINT methodology, malware analysis, and adversary tradecraft.
/// APT29 ACTIVITY DETECTED IN EU FINANCIAL SECTOR
/// LAZARUS GROUP NEW CAMPAIGN TARGETING CRYPTO EXCHANGES
/// ZERO-DAY IN MAJOR VPN VENDOR BEING ACTIVELY EXPLOITED
/// DARK WEB MONITORING: NEW DATA BROKER EMERGES
/// MITRE ATT&CK v16 UPDATES PUBLISHED
/// RANSOMWARE GROUPS ADOPTING AI-ASSISTED RECON
/// VOLT TYPHOON INFRASTRUCTURE EXPANSION OBSERVED
5+ Years in CTI
50+ Threats Analysed
PT: Native
EN: Fluent
Latest Intelligence
Recent Writing
Feb 18, 2025
OSINT
Mapping Adversary Infrastructure with Passive DNS and Certificate Transparency
One domain. That’s often all you start with. A single indicator pulled from a phishing email, a SIEM alert, or a malware sandbox …
Jan 10, 2025
CTI
APT Attribution: How We Identify Threat Actors Without Being Wrong
TLP:AMBER This post is part of the CTI Methodology series.
Attribution is one of the most misunderstood concepts in cyber threat …