Worker Mesh

OTX: TwizAdmin -- Multi-Stage Crypto Clipper, Infostealer & Ransomware Operation

Watch the case move through psyc's worker mesh — seven bots, each performing one pipeline stage and reporting its real result. The Classifier bot's severity verdict comes from the live fine-tuned model; hit ▶ replay to run it again.

how to use this view

How to use. Let the case token travel the mesh — each bot wakes, performs its stage, and reports. Press ▶ replay to run it again.

What you're seeing. Seven worker bots, one per pipeline stage. Awake bots ran for this case; asleep bots are stages that didn't apply. The Classifier bot's verdict is generated live by the fine-tuned model.

Why it matters. It makes the chain of reasoning legible — you can watch what the platform did and why, not just trust a final answer.

Scout
I sweep public feeds for fresh threat signals.

▸ scanning feeds…

Scoutline ingested this signal from otx.
- OTX: TwizAdmin -- Multi-Stage Crypto Clipper, Infostealer & Ransomware Operation
- observables: 10 URLs, 9 domains, 7 hashs
Classifier
I judge severity, TLP and incident type.

▸ assessing severity…

Classifyline rated it medium severity, TLP:GREEN, internal class D.
- incident type: malware
⬡ psyc-v5 · live model severity: MEDIUM ✓ agrees with the rule
Mapper

I locate the host and its jurisdiction.

No host to geolocate for this case.
Sealer

I encrypt evidence for authorized recipients.

Evidence not sealed.
Router
I decide who is allowed to receive this.

▸ evaluating destinations…

Routeline cleared 2 destination(s) and blocked 2 by policy.
- ✓ MISP-Community
- ✓ URLhaus
- ⊘ CERT-Bund — country_mismatch
- ⊘ AbuseIPDB — tlp_exceeded
Courier

I deliver the payload to each destination.

Not yet submitted to any destination.
Ledger

I record every action, immutably.

No ledger entries yet.