
Posts by it's malware

IndigoINT | Threat Intelligence Services & Cyber Threat Insights IndigoINT provides expert threat intelligence, digital risk analysis, and investigative support. Explore services, templates, and guidance to strengthen your security.

www.indigoint.io
#NationalSecurity #CyberCommand #OperationalIntel #Leadership #SecurityOperations

4 months ago

In the military, intelligence had to be actionable immediately. In corporate, I see 'intelligence' rotting in PDF reports nobody reads. If your CTI team is just forwarding news articles, you don't have intelligence; you have a newsletter.
Stop buying feeds. Start building process.

4 months ago

🎥 I’ll also have companion videos dropping on TikTok and YouTube coming soon.
#threatintelligence #cybersecurity #purpleteam

7 months ago

🔹 Deven Chhajed on SoupDealer, a stealthy Java-based loader built to outmaneuver EDR.

Their work shows how much impactful research happens outside vendor reports — and why we need to pay attention.

📖 Read the full digest and past issues on my Substack & Medium via linktr.ee/itsmalware.

7 months ago

This week’s Threat Intelligence Digest highlights the work of independent researchers pushing the conversation forward:
🔹 Karthikeyan Nagaraj on how adversaries abuse SQLite databases to persist and exfiltrate data.
🔹 Aj on the hidden risks of malware lurking in smart home devices.

7 months ago

📖 You can find my Substack and Medium write-ups here: linktr.ee/itsmalware

🎥 By the end of the week, I’ll also be publishing companion videos on TikTok and YouTube.

#threatintelligence #dprk #threathunting

7 months ago

From Belarus-linked Ghostwriter activity against Ukraine and Poland, to Scaly Wolf’s modular backdoors, and a DPRK operation using GitHub as covert C2, the reporting shows how state-backed actors keep innovating just enough to stay ahead while leaning on repeatable tradecraft.

7 months ago

Week 14 is live!
This week I dropped the Threat Intelligence Digest and a deep dive into one of the most interesting campaigns we’ve tracked lately.

7 months ago

Weekly Threat Intelligence Update:
I’ve been under the weather and had to pause this week’s review (Week 16). Thank you all for the continued support and engagement over the past weeks—it truly means a lot. Regular updates will hopefully resume next week.

8 months ago

You can find the new releases on the Notion Marketplace, and check my Linktree for past write-ups, previous templates, and other resources.
linktr.ee/itsmalware

8 months ago

We're also getting close to releasing the entire Threat-Intelligence Program Template, which will tie all of these tools together into a complete, end-to-end workflow.

8 months ago

This week, we released two new templates to support the intelligence lifecycle - now available on the Notion Marketplace.
Both are built for operational environments, not theory, and designed to integrate directly with your existing RFI/PIR workflows.

8 months ago

We’re aiming to drop more templates next week, for analysts without a big team or enterprise tooling.
Prefer reading? Watching? Skimming?
You can now get the digest on Medium, Substack, or YouTube!
linktr.ee/itsmalware
If this helped, share it. A lot of us are out here flying solo.

8 months ago

To hiring managers: There’s no excuse for paying someone with a TS/SCI and niche tradecraft under $100K in the DC area. Period. When I’m able to build a team, I won’t cut wages to “match the market.”

8 months ago

To cybersecurity media: if you’re referencing analyst-driven work, attribution should be obvious and upfront. If your readers have to dig, reverse-search, or guess the source, you’re skirting dangerously close to plagiarism. Respect the work. Credit the original.

8 months ago

This week’s digest covers:
• Silver Fox abusing Google Translate to deliver Winos RAT
• Storm-2603 evolving from ToolShell exploits to DNS-backdoored ransomware
• LockBit affiliates continuing their DLL sideloading campaigns
• Plague, a stealthy PAM-based Linux backdoor with zero VirusTotal hits

8 months ago

it’s happening in the wild, and adversaries are adapting faster than our controls.
📬 Full digest (TTPs, mitigations, and context): linktr.ee/itsmalware
#ThreatIntel #CVE202553770 #SharePoint #LinuxMalware #LLM #PromptInjection #BlueTeam #PurpleTeam #GovCyber #IndigoINT #CTI #AIThreats

8 months ago

Weaponized LLM summarizers (like Gemini) are being hijacked to trick users into calling fake Google support. These are live, exploitable behaviors, not hypothetical.
🧠 We believe it’s time the community formally recognize a new threat category: LLM-Enabled Attacks.
This is no longer fringe research

8 months ago

A stealth Linux payload hidden in a polyglot image. Memory-only execution, rootkit persistence, dynamic proxy discovery—modular enough to look LLM-authored.
🔹 Prompt Injection in the Real World

8 months ago

Attackers are stealing machine keys, forging tokens, and maintaining long-term, unauthenticated access. This one’s already hitting gov networks. If your blue and purple teams haven’t been alerted, stop scrolling.
🔹 Koske Malware – AI-Assisted Cryptominer

8 months ago

🚨 This Week in Threat Intel – Digest #13 is Live 🚨
Our latest roundup covers three high-impact threats, all grounded in real-world exploitation, not theory:
🔹 SharePoint Zero-Day (CVE-2025-53770)

8 months ago

❗ But protections must include key rotation, AMSI, Defender AV, and hardened monitoring.

We’re covering the full threat chain and mitigation breakdown in next week’s drop. Stay sharp.

#ThreatIntel #CyberSecurity #SharePoint #CVE202553770 #ZeroDay #PurpleTeam #BlueTeam #GovCyber #IndigoINT

8 months ago

Attackers are using it to steal machine keys and gain persistent, unauthenticated access—even after reboots and web shell cleanup. We’ve already seen this abused across federal and global orgs.
✅ Emergency patches are out.

8 months ago

🚨 Sneak Peek from Next Week’s Digest 🚨
Heads up to my contacts in the government space:

If your purple and blue teams haven’t been briefed on CVE-2025-53770 yet, now’s the time. This critical SharePoint zero-day is being actively exploited in the wild, and patching alone won’t cut it.

8 months ago

❤️🔥 In the dark, we are all the same.❤️🔥

— Yasmine | IndigoINT

#ThreatIntelligence #CyberSecurity #CTI #BlueTeam #Infosec #NotionForAnalysts #NeurodivergentFriendly #MalwareAnalysis #CyberThreatIntel #IntelOps #MalwareTikTok #NotionTemplates

9 months ago

We are you.

We’re here to make the work easier, sharper, and more human.

More templates, more deep-dives, and more analyst-centered workflows are on the way.

If you’re trying to build a real threat intelligence program or just trying to survive until Friday, we’ve got something for you.

9 months ago

📱 @its.malware on TikTok: (www.tiktok.com/@its.malware...)
---

🔎 These digests are for:

- The analyst triaging 20 open tabs
- The detection engineer pivoting fast without context
- The CISO who needs to understand why this matters without reading three different pieces of content

We see you.

9 months ago

🎙 And for folks who prefer podcasts or video—we’ve started reviewing these digests on TikTok (YouTube soon).
Some of those early videos have mistakes. The ADHD hits sometimes. But we believe in building in public and improving as we go because intelligence isn’t just a product, it’s a process.

9 months ago

We get that too. That’s why we offer 1:1 walkthrough sessions for any of our templates. You bring the bundle or the individual file, and we’ll walk through how to make it work for your stack, your brain, and your mission.
🧭 Book a Template Review Session: (indigoint.gumroad.com/l/TemplateAu...)

9 months ago

They’re flexible, lifecycle-aware, and built with actual analyst workflows in mind, not just checkbox compliance. You can find them here:
👉 Notion Marketplace – IndigoINT Templates (www.notion.com/@indigoint)
---
💬 “But what if I don’t have time to learn another system?”

9 months ago