Just Another Blue Teamer<p>To aid you in your Threat Hunting journey, check out this Threat Profile based on behaviors associated with Amadey! There are two Community Hunt Packages that can get you started! Now get hunting!</p><p>Amadey<br /><a href="https://hunter.cyborgsecurity.io/research/threat-profile/eb857bc3-9908-4356-95e8-4cbba7c64134" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/threat-profile/eb857bc3-9908-4356-95e8-4cbba7c64134</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC)
InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.
Administered by:
Server stats:
1.3Kactive users
ioc.exchange: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#huntoftheday
0 posts · 0 participants · 0 posts today
Just Another Blue Teamer<p>And of course, another great resource that you can use for your Intel-Driven threat hunting efforts from MITRE ATT&CK. There is enough intel here to create a bunch of different hypotheses and hunt queries! </p><p>Salt Typhoon <br /><a href="https://attack.mitre.org/groups/G1045/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="">attack.mitre.org/groups/G1045/</span><span class="invisible"></span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>First, we have created a Hunt Package Collection based on hashtag#SaltTyphoon behaviors which you can find here! There is a Community Edition hunt package in there that can get your hunting started! </p><p>Salt Tyhpoon Hunt Package Collection<br /><a href="https://hunter.cyborgsecurity.io/research/search?state=(compatible:!f,filters:(actors:!(%27Salt%20Typhoon%27)),library:!(cyborg_collections),page:0,size:10,sort:relevance,term:!(),touched:!t" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/search?state=(compatible:!f,filters:(actors:!(%27Salt%20Typhoon%27)),library:!(cyborg_collections),page:0,size:10,sort:relevance,term:!(),touched:!t</span></a>)</p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>Not to beat a dead horse, but deleting shadow copies is a very common behavior that many ransomware strains use. So if you are on the hunt, let us help you with this Community Hunt Package! </p><p>Shadow Copies Deletion Using Operating Systems Utilities<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/2e3e9910-70c1-4822-804a-ee9919b0c419" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/2e3e9910-70c1-4822-804a-ee9919b0c419</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>If this article got you thinking about LOLBINs, take this great information and make it actionable with this Community Hunt Package! It covers the execution of common LOLBINs directly related to discovery activity! Now Get Hunting!</p><p>Excessive Windows Discovery and Execution Processes - Potential Malware Installation<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/6d1c9f13-e43e-4b52-a443-5799465d573b" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/6d1c9f13-e43e-4b52-a443-5799465d573b</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#<span>HappyHunting</span></a></p>
Just Another Blue Teamer<p>Apologies for the delay, didn't mean to leave all your threat hunters hanging! According to the researchers, <a href="https://ioc.exchange/tags/Anubis" class="mention hashtag" rel="tag">#<span>Anubis</span></a> <a href="https://ioc.exchange/tags/ransomware" class="mention hashtag" rel="tag">#<span>ransomware</span></a> runs the following command to inhibit system recovery (T1490) " vssadmin delete shadows /for=norealvolume /all /quiet". This is a common behavior from ransomware strains but you can use this Community Hunt Package to help discover that activity in your environment! Go find evil and get hunting!</p><p>Shadow Copies Deletion Using Operating Systems Utilities</p><p><a href="https://hunter.cyborgsecurity.io/research/hunt-package/2e3e9910-70c1-4822-804a-ee9919b0c419" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/2e3e9910-70c1-4822-804a-ee9919b0c419</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a>!</p>
Just Another Blue Teamer<p>If RMM tool abuse is something you are concerned about check out this community hunt package! This hunt package is designed to identify when a service is created to run AnyDesk, which was a tactic the adversary used in this report! Hope you enjoy and Happy Hunting!</p><p>AnyDesk Service Installation - Potentially Malicious RMM Tool Installation<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/4103B086-F093-4084-9125-15B9A6C872B8" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/4103B086-F093-4084-9125-15B9A6C872B8</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>I know I was away for a while but I'll make it up to you! Check out our Hunt Package Collection that focuses on Volt Typhoon! We have multiple community edition hunt packages that can get you started! Now, the next steps are up to you! Happy Hunting!</p><p>Volt Typhoon Hunt Package Collection<br /><a href="https://hunter.cyborgsecurity.io/research/search?state=(compatible:!f,filters:(),library:!(cyborg_collections),page:0,size:10,sort:last_updated_desc,term:!(c16e5f84-27e4-491e-acf6-4a0cd10e5e01),touched:!t)&utm_campaign=HUNTER%20%7C%20Emerging%20Threats&utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-96sdWv8rhaL0Uw6xkGAMgdZNJJ3gK4Cmx-Uj665UMHowd6eRbpPtBnuVh6i3bXLOi7EwqW" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/search?state=(compatible:!f,filters:(),library:!(cyborg_collections),page:0,size:10,sort:last_updated_desc,term:!(c16e5f84-27e4-491e-acf6-4a0cd10e5e01),touched:!t)&utm_campaign=HUNTER%20%7C%20Emerging%20Threats&utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-96sdWv8rhaL0Uw6xkGAMgdZNJJ3gK4Cmx-Uj665UMHowd6eRbpPtBnuVh6i3bXLOi7EwqW</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>AND A HUNT OF THE DAY!?! You know it! Looking at where the malware created their scheduled task you can tell it is a little phishy, but there are more locations that adversaries like to use/abuse! See what you can find in your environment with this! Yes, it is community and I hope it gets you off on your journey if you haven't started OR it adds another tool to your existing toolbox! Happy Hunting!</p><p>Scheduled Task Executing from Abnormal Location<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/09a380b3-45e5-408c-b14c-3787fa48d783" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/09a380b3-45e5-408c-b14c-3787fa48d783</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#<span>HappyHunting</span></a></p>
Just Another Blue Teamer<p>To compliment the work of the authors, why not take this Community Hunt Package with you to identify when a Powershell encoded command is executed in your environment:</p><p>Powershell Encoded Command Execution<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/d2d3bbc2-6e57-4043-ab24-988a6a6c88db" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/d2d3bbc2-6e57-4043-ab24-988a6a6c88db</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>I had this all ready but forgot to send yesterday! For your <a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> I would recommend conducting an unstructured hunt on processes making network detections that could lead to C2 activity! Enjoy and Happy Hunting!</p><p><a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>And, if you are taking this wonderful intel and using it to threat hunt, why not let us help you! Check out this Community Hunt Package that helps identify when AnyDesk is executed from an abnormal folder. Yes it wasn't mentioned in the article, but there are PLENTY of examples of this abuse in many other articles! Enjoy and Happy Hunting!</p><p>AnyDesk Execution from Abnormal Folder - Potential Malicious Use of RMM Tool<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/93F71607-F35D-4AA6-AEC9-C2F8A62CBD8A" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/93F71607-F35D-4AA6-AEC9-C2F8A62CBD8A</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>Don't think I was going to leave you hanging! If you haven't got this hunt package yet, what are you waiting for? This is probably the top community hunt package I post because the technique is SO common! Let us help you hunt for persistence through the modification of the Windows Run Registry key and other locations. I promise, the NanoCore RAT is not the only malware to use it, so you got multiple threats covers. Enjoy and Happy Hunting!</p><p>Autorun or ASEP Registry Key Modification<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/8289e2ad-bc74-4ae3-bfaa-cdeb4335135c" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/8289e2ad-bc74-4ae3-bfaa-cdeb4335135c</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>And more good news! I am going to leave you with a community hunt package from our Ransomware Collection for you to stay diligent in your threat hunting efforts! So go get hunting!</p><p>Windows sc Used to Disable Multiple Services in Brief Period - Potential Ransomware<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/5387a0d8-7890-4338-b1d5-8611dbfdcfee" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/5387a0d8-7890-4338-b1d5-8611dbfdcfee</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>Diving a little deeper into RDPWrapper, I found that, like it's Windows Native version, it is designed to communicate on Port 3389. Now, knowing that Kimsuky has it's own version, I am curious as to whether the custom version used 3389 as well. Either way, you can run an unstructured hunt for internal->external communication over abnormal ports to hunt for this, and many other, threats. Honestly, a good way to start may be to exclude port 80 (hopefully nothing is there to begin with), port 443, port 53 to remove DNS, and maybe 22 if that is something in your environment. Of course, this is going to differ per environment, so take it and make it your own! Happy Hunting!</p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a></p>
Just Another Blue Teamer<p>To help get you up and running, or to add another hunt to your list, here is one you may be using already! While this attack involves different malware and actors, this behavior is a common one that is seen AND used by many different adversaries and malware! Enjoy and Happy Hunting!</p><p>Autorun or ASEP Registry Key Modification<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/8289e2ad-bc74-4ae3-bfaa-cdeb4335135c" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/8289e2ad-bc74-4ae3-bfaa-cdeb4335135c</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a></p>
Just Another Blue Teamer<p>And as a gift for you on Friday, here are TWO community hunt packages you can use to hunt for similar suspicious activity! Happy Hunting!</p><p>Scheduled Task Executing from Abnormal Location</p><p><a href="https://hunter.cyborgsecurity.io/research/hunt-package/09a380b3-45e5-408c-b14c-3787fa48d783" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/09a380b3-45e5-408c-b14c-3787fa48d783</span></a></p><p>This hunt package is designed to capture activity associated with a scheduled task which includes abnormal locations in its details for execution. This is often a mark of persistence or malicious tasks created by malware or attackers. details.</p><p>Potential Maldoc Execution Chain Observed</p><p><a href="https://hunter.cyborgsecurity.io/research/hunt-package/b194088b-c846-4c72-a4b7-933627878db4" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/b194088b-c846-4c72-a4b7-933627878db4</span></a></p><p>Detect the aftermath of a successfully delivered and executed maldoc (Microsoft Office). A detection indicates an Office document was opened from an email or download/link, spawned a suspicious execution, and attempted to execute code via common Windows binaries (i.e. powershell, cmd, rundll32, etc).</p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Just Another Blue Teamer<p>While you are hunting, add this to your toolbox! This hunt package will help you identify potentially malicious use of WMI when utilized for local enumeration and discovery of a host, a common behavior! Happy Hunting!</p><p>WMIC Windows Internal Discovery and Enumeration<br /><a href="https://hunter.cyborgsecurity.io/research/hunt-package/bc0fd59c-4217-46a7-a167-764727118567" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">hunter.cyborgsecurity.io/resea</span><span class="invisible">rch/hunt-package/bc0fd59c-4217-46a7-a167-764727118567</span></a></p><p><a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a></p>
Just Another Blue Teamer<p>Good day everyone!</p><p>ESET published a report covering a China-aligned APT group named PlushDaemon and their campaign against a VPN provider in South Korea. The attack started with the victim downloading a malicious IPanyVPNsetup.exe installer that, when ran, creates both legitimate and malicious files. Persistence is gained through the use of the Windows Run Registry key and references the directory that the malware lives: %PUBLIC%\Documents\WPSDocuments\WPSManager\svcghost.exe. Later in the attack, .dll's and .exe's are created in the same directory, further leading to suspicious activity. </p><p>Opportunities to hunt:<br />Suspicious File Creates:<br />Looking in the %PUBLIC% directory for files being created could be your first step. This directory is commonly abused by actors because it is an easy place to hide their payloads since this isn't a location normally used by end-users to store documents and files. </p><p>Pseudo Query:<br />event_type="file_create" AND file_directory="*PUBLIC*" AND (file_extension=".dll" OR file_extension=".exe"). </p><p>Article source:<br />PlushDaemon compromises supply chain of Korean VPN service<br /><a href="https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">welivesecurity.com/en/eset-res</span><span class="invisible">earch/plushdaemon-compromises-supply-chain-korean-vpn-service/</span></a></p><p>I know it's not a lot but it can help you uncover suspicious activity earlier in the attack chain and hopefully you find it before the malware achieves its goal! Enjoy and Happy Hunting!</p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#<span>readoftheday</span></a> <a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a></p>
Just Another Blue Teamer<p>Good day everyone!</p><p>Sophos has released their second "Active Adversary Report" of 2024 where they look specifically at patterns and developments they noted during the first half of the year. They provided 3 key takeaways which were:</p><p>- Abuse of built-in Microsoft services (LOLbins) is up - way up<br />- RDP (Remote Desktop Protocol) abuse continues rampant, with a twist<br />- The ransomware scene: Banyans vs poplars.</p><p>LOLBIN abuse:<br />The Sophos researchers organized all their data and found that RPD, cmd.exe, and powershell were the top hitters for most prevalent LOLBIN being abused and they share the trend of LOLBIN abuse of which applications are being seen more or less from 2023 compared to the first part of 2024. Notable increases were seen in cmd.exe, net.exe, notepad.exe and ipconfig.exe. Notable decreases were PsExec, Task Scheduler, and a slight decrease in RDP, even though it remains at the top. </p><p>Now the question is, how does this help you and what are you going to do about it? Well, there is always the question as to whether to run a structured or unstructured hunt. For unstructured, I would prioritize that list from first to last and look for anomalies in the data. For structured hunts, I would try to better understand the behavior and the reason the adversaries are using them. Then you can focus on these behaviors, improve your query using different options/flags/parameters (whatever you want to call them) and dig deeper. Use the knowledge you have of how they have been used maliciously in the past to help guide you! Enjoy and Happy Hunting!</p><p>The Bite from Inside: The Sophos Active Adversary Report<br /><a href="https://news.sophos.com/en-us/2024/12/12/active-adversary-report-2024-12/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">news.sophos.com/en-us/2024/12/</span><span class="invisible">12/active-adversary-report-2024-12/</span></a></p><p>Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#<span>readoftheday</span></a> <a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="tag">#<span>huntoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a> Cyborg Security, Now Part of Intel 471</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload