ShadowOpCode (@shadowopcode) 's Twitter Profile
ShadowOpCode

@shadowopcode

Malware analyst & reverse engineer 🧠
Threat intel on stealers, RATs, live campaigns 🕵️
Technical analysis. No buzzwords.
📍DM open for research collabs

ID: 1923033485087834112

linkhttps://github.com/ShadowOpCode calendar_today15-05-2025 15:11:39

176 Tweet

291 Followers

96 Following

ShadowOpCode (@shadowopcode) 's Twitter Profile Photo
ShadowOpCode
@shadowopcode

a month ago

#ClickFix #FakeCAPTCHA in an italian website hxxps://www.chiocciola40[.]it/ hxxp://te.vakun[.]ru/ptg90q8t hxxp://dqay.ci6ef[.]ru/sinkers ANY.RUN analysis: app.any.run/tasks/1e167278…

#ClickFix #FakeCAPTCHA in an italian website hxxps://www.chiocciola40[.]it/ hxxp://te.vakun[.]ru/ptg90q8t hxxp://dqay.ci6ef[.]ru/sinkers <a href="/anyrun_app/">ANY.RUN</a> analysis: app.any.run/tasks/1e167278…
ShadowOpCode (@shadowopcode) 's Twitter Profile Photo
ShadowOpCode
@shadowopcode

21 days ago

🚨#Formbook #Xloader spotted in a malspam campaign in #Italy ⚠️Using another "Lorem Ipsum Dolores" variation! Related tweet: x.com/ShadowOpCode/s… ANY.RUN analysis: app.any.run/tasks/43bfa36b… C2: www[.]grevla[.]top

🚨#Formbook #Xloader spotted in a malspam campaign in #Italy ⚠️Using another "Lorem Ipsum Dolores" variation! Related tweet: x.com/ShadowOpCode/s… <a href="/anyrun_app/">ANY.RUN</a> analysis: app.any.run/tasks/43bfa36b… C2: www[.]grevla[.]top
tobersotski (@tobersotski) 's Twitter Profile Photo
tobersotski
@tobersotski

13 days ago

HTA file deobfuscation from the "fake DMCA report" phishing campaign. Key features shown in the screenshots John Hammond vx-underground ShadowOpCode x.com/_JohnHammond/s…

HTA file deobfuscation from the "fake DMCA report" phishing campaign. Key features shown in the screenshots <a href="/_JohnHammond/">John Hammond</a> <a href="/vxunderground/">vx-underground</a> <a href="/ShadowOpCode/">ShadowOpCode</a> x.com/_JohnHammond/s…
ShadowOpCode (@shadowopcode) 's Twitter Profile Photo
ShadowOpCode
@shadowopcode

10 days ago

⚠️ALERT⚠️ there is an OPEN webshell on hxxps://boldcleaningsolutionsatl[.]com/ NEW domains: boldcompanions[.]com boldinnovationspetcare[.]com Cert AgID Gianni Amato JAMESWT vx-underground a lot of malwere inside 😋 cc: tobersotski x.com/AgidCert/statu…

⚠️ALERT⚠️ there is an OPEN webshell on hxxps://boldcleaningsolutionsatl[.]com/ NEW domains: boldcompanions[.]com boldinnovationspetcare[.]com <a href="/AgidCert/">Cert AgID</a> <a href="/guelfoweb/">Gianni Amato</a> <a href="/JAMESWT_WT/">JAMESWT</a> <a href="/vxunderground/">vx-underground</a> a lot of malwere inside 😋 cc: <a href="/tobersotski/">tobersotski</a> x.com/AgidCert/statu…
tobersotski (@tobersotski) 's Twitter Profile Photo
tobersotski
@tobersotski

7 days ago

Caminho Loader Malware Analysis #CaminhoLoader #malware #ThreatIntel Szabolcs Schmidt ShadowOpCode x.com/smica83/status…

Caminho Loader Malware Analysis #CaminhoLoader #malware #ThreatIntel <a href="/smica83/">Szabolcs Schmidt</a> <a href="/ShadowOpCode/">ShadowOpCode</a> x.com/smica83/status…
ShadowOpCode (@shadowopcode) 's Twitter Profile Photo
ShadowOpCode
@shadowopcode

3 days ago

🚨ALERT🚨 #CryptersAndTools started using github and supabase as staging for #steganography images Delivering #AgentTesla ANY.RUN : app.any.run/tasks/c858f3ae… hunter: JAMESWT

🚨ALERT🚨 #CryptersAndTools started using github and supabase as staging for #steganography images Delivering #AgentTesla <a href="/anyrun_app/">ANY.RUN</a> : app.any.run/tasks/c858f3ae… hunter: <a href="/JAMESWT_WT/">JAMESWT</a>
tobersotski (@tobersotski) 's Twitter Profile Photo
tobersotski
@tobersotski

2 days ago

Phishing "Pedaggio non pagato" autostde[.]com domain created today (2025-11-19) Cert AgID JAMESWT illegalFawn Gianni Amato Andrea (Drego) Draghetti 👨🏻‍💻 🎣 Simplicio Sam L.

Phishing "Pedaggio non pagato" autostde[.]com domain created today (2025-11-19) <a href="/AgidCert/">Cert AgID</a> <a href="/JAMESWT_WT/">JAMESWT</a> <a href="/illegalFawn/">illegalFawn</a> <a href="/guelfoweb/">Gianni Amato</a> <a href="/AndreaDraghetti/">Andrea (Drego) Draghetti 👨🏻‍💻 🎣</a> <a href="/marsomx_/">Simplicio Sam L.</a>