APT ANALYSIS

♣️Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware 😈Blog : https://www.trendmicro.com/en_us/research/26/e/analyzing-void-dokkaebi-invisibleferret-malware.html ♣️Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns 😈Blog : https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens ♣️Behind .payload: In-Depth Technical Analysis of Payload Ransomware 💀Blog : https://darkatlas.io/blog/behind-payload-in-depth-technical-analysis-of-payload-ransomware ♣️Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data 💀Blog : https://www.fortinet.com/blog/threat-research/phishing-campaign-deploys-javascript-driven-purelogs-variant-to-steal-sensitive-data ♣️RemotePE: The Lazarus RAT that lives in memory ✨Blog : https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory ♣️Fluffy Wolf tested new products on Russian companies 💀Blog : https://bi.zone/expertise/blog/fluffy-wolf-ispytal-novinki-na-rossiyskikh-kompaniyakh ♣️forge-jsxy: 22 Versions of an Actively Developed npm RAT 🌀Blog : https://safedep.io/malicious-forge-jsxy-npm-rat-evolution ♣️From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities 💀Blog : https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities ♣️The Gentlemen ransomware: Dissecting a self-propagating Go encryptor 😈Blog : https://www.microsoft.com/en-us/security/blog/2026/05/28/the-gentlemen-ransomware-dissecting-a-self-propagating-go-encryptor ♣️ShinyHunters: Silent Malware as a Service (MaaS) 😈Blog : https://ransom-isac.org/blog/shinyhunters-silent-maas ♣️Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure 😈Blog : https://www.wiz.io/blog/threat-actors-target-crypto-orgs ♣️Universities and energy attacks an unknown group, an active minimum since 2024 😈Blog : https://securelist.ru/unknown-group-targets-maritime-universities/115765 ♣️Operation XENOFISCAL: SideCopy deploying persistent XenoRAT targeting the MoF, Afghanistan 😈Blog : https://www.seqrite.com/blog/operation-xenofiscal-sidecopy-deploying-persistent-xenorat-targeting-the-mof-afghanistan ♣️Operation Dragon Weave : Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2 😈Blog : https://www.seqrite.com/blog/operation-dragon-weave-uncovering-a-china-linked-campaign-targeting-czech-republic-and-taiwan-using-azure-cloud-c2 ♣️Meet DriveSurge: A New Threat Actor Using ClickFix and Fake Update Drive-By Attacks in Thousands of Compromised Sites ❌Blog : https://www.silentpush.com/blog/drivesurge ♣️Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace 😈Blog : https://safedep.io/microsoftsystem64-binary-payload-analysis ♣️FSB’s matryoshka – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm 🐈‍⬛Blog 1/3 : https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm 🐈‍⬛Blog 2/3 : https://blog.sekoia.io/fsbs-matryoshka-2-3-gamaredons-gifts-that-keeps-unpacking-gammaload 🐈‍⬛Blog 3/3 : https://blog.sekoia.io/fsbs-matryoshka-3-3-gamaredons-gifts-that-keeps-unpacking-gammasteel ♣️From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises 😐Blog : https://any.run/cybersecurity-blog/monoglyphrat-attacks-us-enterprise ♣️Detecting Nimbus Manticore and their sideloading infection chains 👁‍🗨Blog : https://www.nextron-systems.com/2026/06/01/detecting-nimbus-manticore-and-their-sideloading-infection-chains ♣️MUSTANG PANDA x PLUGX - Analysis of the January 2026 sample: a multi-layer execution chain 👁Blog : https://bluecyber.hashnode.dev/mustang-panda-x-plugx-analysis-of-the-january-2026-sample-a-multi-layer-execution-chain ♣️PHANTOMPULSE: anatomy of a hijackable blockchain-C2 RAT 🐺Blog : https://www.elastic.co/security-labs/blockchain-c2-phantompulse-rat-sinkhole ♣️TA4922: The Suspected Chinese Crime Group is Going Global 😈Blog : https://www.proofpoint.com/us/blog/threat-insight/ta4922-suspected-chinese-crime-group-going-global ♣️Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO 🔪Blog : https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo ♣️Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem 🐱Blog : https://research.checkpoint.com/2026/impersonation-click-hijacking-and-tds-inside-a-malware-distribution-ecosystem ♣️KeyCat Stealer Uncovered: Inside a $40 Multi-Platform Infostealer with Telegram C2 and Active Staging Infrastructure 😈Blog : https://flare.io/learn/resources/blog/keycat-stealer-multi-platform-infostealer ♣️From Malspam to Fileless .NET Loader 😈Blog : https://www.huntress.com/blog/malspam-to-loader-delivery-chain-analysis ♣️ReliaQuest's Agentic AI Uncovers New China-Linked Cluster OP-512 😈Blog : https://reliaquest.com/blog/threat-spotlight-reliaquests-agentic-ai-uncovers-new-china-linked-cluster-op-512 ♣️Bait for the commander: we study the attacks of the cyberspy group SiribClone on the Russian military 😶Blog : https://www.f6.ru/blog/siribclone ♣️Operation TaxShadow : Multi-Region Tax Phishing & In-Memory Malware Campaign 😈Blog : https://www.cyfirma.com/research/operation-taxshadow-multi-region-tax-phishing-in-memory-malware-campaign ♣️Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency 😈Blog : https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal ♣️AI brands as bait: How threat actors are using the AI hype in social engineering 😈Blog : https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering ⭐️@APTANALYSIS