#CTI


New Threat Intelligence Research Report: Malicious Campaign Impacting European Organizations 🚨

Orange Cyberdefense CERT just documented a sophisticated campaign distributing Sorillus RAT, likely operated by Brazilian threat actors. This cluster actively targets multiple European countries. The campaign employs invoice-themed phishing emails and leverages legitimate services like OneDrive and Ngrok to evade detection.

Stay informed and protect your organization.
👉 Learn more in our blog: orangecyberdefense.com/global/

#ThreatIntelligence #Malware #RAT #Phishing #Sorillus #CTI

Replied in thread

The GHunt output provides us with a few good leads. First, it confirms that it's a valid Gmail account. Second, it provides links to the TA's Google Maps reviews.

grey@thruntmachine:~$ ghunt email shadowgamer5628@gmail.com

By: mxrch (🐦 @mxrchreborn)
Support my work on GitHub Sponsors ! 💖

> GHunt 2.3.3 (🕷 Spider Edition) <

🎉 You are up to date !

[+] Stored session loaded !
[+] Authenticated !

🙋 Google Account data

[+] Custom profile picture !
=> lh3.googleusercontent.com/a-/A

[-] Default cover picture

Last profile edit : 2025/05/05 09:34:18 (UTC)

Email : shadowgamer5628@gmail.com
Gaia ID : 112604768676644210605

User types :
- GOOGLE_USER (The user is a Google user.)

📞 Google Chat Extended Data

Entity Type : PERSON
Customer ID : Not found.

🌐 Google Plus Extended Data

Entreprise User : False

🎮 Play Games data

[+] New token for playgames has been generated

[-] No player profile found.

🗺 Maps data

Profile page : google.com/maps/contrib/112604

[Statistics]
Ratings : 6

[-] Reviews are private.

🗓 Calendar data

[-] No public Google Calendar.

Continued thread

One of the best indicators Censys found for attribution is the email address accidentally left in a git commit:

% git log
commit fa480e80bc5b9e154fad138ef47191032e7ba4dd (HEAD -> main, origin/main, origin/HEAD)
Author: Shadow GRT <shadowgamer5628@gmail.com>
Date: Wed May 7 15:51:15 2025 +0000

Given this is a Gmail address, the first tool we should immediately use is GHunt (github.com/mxrch/GHunt).

(1/???)
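As an added example (not part of the thread, and not Censys or GHunt code), here is a small Python check a development team can run over its own repository history to catch the mistake the post describes: a personal webmail address left as a commit author. It parses `git log` output in the layout shown above (a constructed sample is embedded so it runs offline) and flags any author whose address belongs to a consumer webmail domain; the domain list and the sample names, hashes and addresses are assumptions for this example.

```python
import re

# Constructed sample of `git log` output, in the same layout as the post's
# excerpt; the hashes, names and addresses are made up for this example.
SAMPLE_GIT_LOG = """\
commit 1111111111111111111111111111111111111111 (HEAD -> main, origin/main)
Author: Jane Dev <jane.dev@gmail.com>
Date:   Wed May 7 15:51:15 2025 +0000

    add release script

commit 2222222222222222222222222222222222222222
Author: Build Bot <ci-bot@example.org>
Date:   Tue May 6 09:00:00 2025 +0000

    bump version
"""

# Consumer webmail domains that usually identify a person rather than an
# organisation. Assumed list for this example; extend it for your environment.
PERSONAL_DOMAINS = {
    "gmail.com", "googlemail.com", "outlook.com", "hotmail.com",
    "yahoo.com", "icloud.com", "protonmail.com", "proton.me",
}

COMMIT_RE = re.compile(r"^commit ([0-9a-f]{40})", re.MULTILINE)
AUTHOR_RE = re.compile(r"^Author: (.*?) <([^>]+)>$", re.MULTILINE)


def parse_git_log(text):
    """Split raw `git log` text into (hash, author_name, author_email) tuples."""
    commits = []
    # Each chunk starts at a 'commit <sha>' line; the element before the first
    # commit line is whatever preceded it (normally an empty string).
    chunks = re.split(r"(?m)^(?=commit [0-9a-f]{40})", text)
    for chunk in chunks:
        sha = COMMIT_RE.search(chunk)
        author = AUTHOR_RE.search(chunk)
        if not sha or not author:
            continue
        commits.append((sha.group(1), author.group(1).strip(), author.group(2).strip()))
    return commits


def find_personal_emails(commits, personal_domains=PERSONAL_DOMAINS):
    """Return (hash, email) for every commit whose author uses a webmail domain."""
    hits = []
    for sha, _name, email in commits:
        domain = email.rsplit("@", 1)[-1].lower()
        if domain in personal_domains:
            hits.append((sha, email))
    return hits


if __name__ == "__main__":
    # Stand-alone run over the constructed sample; in practice feed it the
    # output of `git log` for the repository you are about to publish.
    for sha, email in find_personal_emails(parse_git_log(SAMPLE_GIT_LOG)):
        print(f"{sha[:12]}  {email}")
```

To use it on a real repository, replace `SAMPLE_GIT_LOG` with the text of `git log` (for example read from `sys.stdin`). A hit on a branch that has not been pushed yet is cheap to fix by setting `git config user.email` to a work or noreply address and amending; once the commit is public, the address is already in every clone and mirror, which is exactly why it makes such a durable attribution indicator.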