Episodes

  • S3 Ep50: Game of Nodes: Persistence Is Coming

    S3 Ep50: Game of Nodes: Persistence Is Coming
    Dec 5 2025
    Top Headlines:

    • securelist.com | The Tsundere botnet uses the Ethereum blockchain to infect its targets: https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/
    • Group-IB | Bloody Wolf: A Blunt Crowbar Threat To Justice: https://www.group-ib.com/blog/bloody-wolf/
    • welivesecurity.com | MuddyWater: Snakes by the riverbank: https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/
    • Fortinet Blog | ShadowV2 Casts a Shadow Over IoT Devices: https://www.fortinet.com/blog/threat-research/shadowv2-casts-a-shadow-over-iot-devices?&web_view=true
    • darktrace.com | ShadowV2: An emerging DDoS for hire botnet: https://www.darktrace.com/blog/shadowv2-an-emerging-ddos-for-hire-botnet

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show More Show Less
    42 mins
  • S3 Ep49: Guess Who: The Adversary Edition - 2

    S3 Ep49: Guess Who: The Adversary Edition - 2
    Nov 25 2025
    Can You Identify the Nation-State Actor?​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍​ ‍​‌‍‌‍​ ​‌​ ‌​‌‍​‍​ ‍‌‌‍​‌​‍ ‌‌‍‌‍​ ​‍‌‍​‌​ ‌‌​‍ ‌​ ‌​‌‍‌​​ ​​​ ‍‌​‍ ‌​ ‍‌​ Out of the Woods: The Threat Hunting Podcast returns for another special edition episode that challenges how you think about adversary behavior. This live, interactive session will focus on a nation-state actor, revealing one phase of their campaign at a time as our hosts provide tradecraft clues and analysis.​​​​‌ Participants will examine how observed techniques align to MITRE ATT&CK, how vertical-specific targeting shapes operational decisions, and how behavioral patterns emerge across campaigns. Before the final reveal, attendees will have the chance to submit their best guess on which nation-state threat actor is behind the activity.​​​​‌ What You’ll Learn:​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍​ ‍​‌‍‌‍​ ​‌​ ‌​‌‍​‍​ ‍‌‌‍​‌​‍ ‌‌‍‌‍​ ​‍‌‍​‌​ ‌‌​‍ ‌​ ‌​‌‍‌​​ ​​​ ‍‌​‍ ‌​ ‍‌​ ​‍‌‍‌‍​ ‌ ​‍ ‌​ ​‍​ ‍‌​ ‌‌‌‍​‍‌‍​‍‌‍‌‍‌‍‌‌​ ‍‌‌‍‌‍​ ‌​​ ​‍​ ‍‌​ ‍ ‌ ‌​‌ ‍‌‌ ​​‌‍‌‌​ ‌‌ ​​‌‍ ‌‍‌​‌‍​ ‌‍​‌‌ ​ ‌ ‌​​ ‍ ‌ ​​‌‍​‌‌ ‌​‌‍‍​​ ‌‌ ​​‌‍​‌‌‍‌ ‌‍‌‌‌​​‍‌ ‌‌‌‍‍‌‌‍ ​‌‍‌​‌‍‌‌‌ ​‍​‍‌‌​ ‌‌‌​​‍‌‌ ‌‍‍ ‌‍‌‌‌ ‍‌​‍‌‌​ ​ ‌​‌​​‍‌‌​ ​ ‌​‌​​‍‌‌​ ​‍​ ​‍‌‍‌​‌‍​‌‌‍‌‌​ ​​‌‍‌‍​ ​‍‌‍​ Real adversary behavior – A phase-by-phase look at a real nation-state campaignMITRE ATT&CK in context – How techniques appear in real incidents​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​Recognizing tradecraft patterns – What links behaviors across operations​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍Sector-specific targeting – How industries influence attacker decisions​​​​‌...
    Show More Show Less
    1 hr and 32 mins
  • S3 Ep48: Familiar Moves, Novel Grooves

    S3 Ep48: Familiar Moves, Novel Grooves
    Nov 5 2025
    *[LIVE] Out of the Woods: The Threat Hunting Podcast – Guess Who Edition
    November 19, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-adversary-edition-2

    ----------

    Top Headlines:
    • Secure Annex | SleepyDuck malware invades Cursor through Open VSX: https://secureannex.com/blog/sleepyduck-malware/
    • Arctic Wolf | UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities: https://arcticwolf.com/resources/blog/unc6384-weaponizes-zdi-can-25373-vulnerability-to-deploy-plugx/
    • Unit 42 | Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild: https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
    • Unit 42 | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack: https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show More Show Less
    41 mins
  • S3 Ep47: Common, but Deadly

    S3 Ep47: Common, but Deadly
    Oct 22 2025
    *Threat Hunting Management Workshop: The Business Value of Threat Hunting
    October 29, 2025 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting

    *[LIVE] Out of the Woods: The Threat Hunting Podcast – Guess Who Edition
    November 19, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-adversary-edition-2

    ----------

    Top Headlines:
    • Koi | GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace: https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace
    • Cisco Talos Blog | BeaverTail and OtterCookie Evolve with a New Javascript Module: https://blog.talosintelligence.com/beavertail-and-ottercookie/
    • Synacktiv | LinkPro: eBPF Rootkit Analysis: https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis
    • BleepingComputer | American Airlines Subsidiary Envoy Confirms Oracle Data Theft Attack: https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/?&web_view=true

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show More Show Less
    1 hr and 2 mins
  • S3 Ep46: Here We Go Again...

    S3 Ep46: Here We Go Again...
    Oct 14 2025
    *Threat Hunting Management Workshop: The Business Value of Threat Hunting
    October 29, 2025 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting

    ----------

    Top Headlines:
    • Cisco Talos | Velociraptor Leveraged in Ransomware Attacks: https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
    • GBHackers Security | Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware: https://gbhackers.com/info-stealer-malware/?web_view=true
    • FortiGuard Labs | New Stealit Campaign Abuses Node.js Single Executable Application: https://www.fortinet.com/blog/threat-research/stealit-campaign-abuses-nodejs-single-executable-application
    • eSecurity Planet | AI Chatbots Used as Backdoors in New Cyberattacks: https://www.esecurityplanet.com/news/ai-exploited-prompt-injection/?&web_view=true

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show More Show Less
    41 mins
  • S3 Ep45: Think, McFly, Think

    S3 Ep45: Think, McFly, Think
    Oct 3 2025
    *Threat Hunting Management Workshop: The Business Value of Threat Hunting
    October 29, 2025 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting

    ----------

    Top Headlines:
    • LastPass | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
    • Cisco Talos BlogCisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true
    • Trend MicroTrend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true
    • SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show More Show Less
    42 mins
  • S3 Ep44: If You Build It... Backdoors Will Open

    S3 Ep44: If You Build It... Backdoors Will Open
    Sep 25 2025
    Top Headlines:
    • LastPass Labs | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
    • Cisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true
    • SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/
    • Trend MicroTrend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show More Show Less
    58 mins
  • S3 Ep43: Invasion of the Modular Malware

    S3 Ep43: Invasion of the Modular Malware
    Sep 18 2025
    *Threat Hunting Workshop: Hunting for Persistence - Level 2
    September 24, 2025 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-16-hunting-for-persistence-level-2

    ----------

    Top Headlines:
    • Jamf Threat Labs | Learn about ChillyHell, a modular Mac backdoor: https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/
    • SecureList | Malicious MCP servers used in supply chain attacks: https://securelist.com/model-context-protocol-for-ai-integration-abused-in-supply-chain-attacks/117473/?web_view=true
    • Bitdefender Blog | EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company: https://www.bitdefender.com/en-us/blog/businessinsights/eggstreme-fileless-malware-cyberattack-apac
    • welivesecurity | Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass: https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show More Show Less
    57 mins