Actionable cyber threat intelligence is vital for effective defense. In practice, indicators of compromises (IP addresses or domains) are used to alert potential malicious activities. However, such alerts lack important context for defenders to take effective actions. For example, given an alert concerning an IP address, a defender wants to know what type of malicious act (e.g., phishing website vs. C2) was observed associated with it. What technical manifestations (e.g., modification of a particular registry key) have been observed from the attacker using this IP address? Such context information helps defenders prioritize alerts and quickly determine whether a system has been compromised. Much of such context information exists in real-time information-sharing systems such as messaging apps and forums. This paper describes an approach to extract technical manifestations of attacks from tweets. We have compared our results with the performance of the GPT-3.5- Turbo model and text-embedding-ada-002 model of OpenAI and also created an open-source project to make our tools and data available for the cybersecurity research community [9].