APT ANALYSIS



APT analysis with a focus on modeling, detecting and managing complex attacks. Providing accurate data and solutions for threat forecasting, backed by real-world security experience.

1,725 subscribers

Post archive
♣️Bitcoin to the moon: Trump endorsing, scammers exploiting 👁Blog : https://www.cloudflare.com/en-au/threat-intelligence/research/report/bitcoin-to-the-moon-trump-endorsing-scammers-exploiting/
♣️Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst 📺Blog : https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst
♣️GetSmoked: UAC-0006 Returns With SmokeLoader Targeting Ukraine's Largest State-Owned Bank 👁Blog : https://www.cloudsek.com/blog/getsmoked-uac-0006-returns-with-smokeloader-targeting-ukraines-largest-state-owned-bank
♣️Dual Injection Undermines Chrome's App-Bound Encryption 📺Blog : https://cyble.com/blog/dual-injection-undermines-chromes-encryption/
⭐️@APTANALYSIS

Repost from N/a
Fixed Telerik exploit with sleep DLLs (compiled). This exploit is old but you might want to test it (in a lab environment, cve2.py). How to use: https://github.com/noperator/CVE-2019-18935

♣️AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2025 edition) 🎣Blog : https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt ⭐️@APTANALYSIS

♣️ASyncRAT [IR/Malware Analysis] 🧪Blog : https://ventdrop.github.io/posts/asyncrat ⭐️@APTANALYSIS

♣️Unmasking: Technological Advancement and Evolution of MuddyWater in 2024 🖐Blog : https://www.gov.il/BlobFolder/reports/maddy_water_2024/en/ALERT_CERT_IL_W_1858.pdf ⭐️@APTANALYSIS

♣️LegionLoader exposed ... 💀Blog : https://tehtris.com/en/blog/legionloader-exposed ⭐️@APTANALYSIS

♣️The Anatomy of Abyss Locker Ransomware Attack 😈Blog : https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis ⭐️@APTANALYSIS

♣️From Credit Card Skimming to Exploiting Zero-Days 📺Blog : https://intezer.com/blog/research/xe-group-exploiting-zero-days/ ⭐️@APTANALYSIS

♣️Analyzing a Fully Undetectable (FUD) macOS Backdoor 🔴Blog : https://denwp.com/fully-undetectable-fud-macos-backdoor ⭐️@APTANALYSIS

♣️Stealers on the Rise: A Closer Look at a Growing macOS Threat 🍭Blog : https://unit42.paloaltonetworks.com/macos-stealers-growing ⭐️@APTANALYSIS

♣️Accidentally uncovering a seven years old vulnerability in the Linux kernel 🌙Blog : https://allelesecurity.com/accidentally-uncovering-a-seven-years-old-vulnerability-in-the-linux-kernel/ ⭐️@APTANALYSIS

♣️Cybereason Research List (2024-2025)
🎣THREAT ALERT: DarkGate Loader ➡️Blog : https://www.cybereason.com/blog/threat-alert-darkgate-loader
🎣THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation ➡️Blog : https://www.cybereason.com/blog/threat-alert-ivanti-connect-secure-vpn-zero-day-exploitation
🎣From Cracked to Hacked: Malware Spread via YouTube Videos ➡️Blog : https://www.cybereason.com/blog/from-cracked-to-hacked-malware-spread-via-youtube-videos
🎣Unboxing Snake - Python Infostealer Lurking Through Messaging Services ➡️Blog : https://www.cybereason.com/blog/unboxing-snake-python-infostealer-lurking-through-messaging-service
🎣Beware of the Messengers, Exploiting ActiveMQ Vulnerability ➡️Blog : https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability
🎣Threat Alert: The Anydesk Breach Aftermath ➡️Blog : https://www.cybereason.com/blog/threat-alert-the-anydesk-breach-aftermath
🎣Behind Closed Doors: The Rise of Hidden Malicious Remote Access ➡️Blog : https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access
🎣THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH ➡️Blog : https://www.cybereason.com/blog/threat-alert-the-xz-backdoor
🎣I am Goot (Loader) ➡️Blog : https://www.cybereason.com/blog/i-am-goot-loader
🎣Hardening of HardBit ➡️Blog : https://www.cybereason.com/blog/hardening-of-hardbit
🎣Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies ➡️Blog : https://www.cybereason.com/blog/cuckoo-spear
🎣Capability vs. Usability ➡️Blog : https://www.cybereason.com/blog/capability-vs-usability
🎣CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective ➡️Blog : https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor
🎣CUCKOO SPEAR Part 2: Threat Actor Arsenal ➡️Blog : https://www.cybereason.com/blog/cuckoo-spear-pt2-threat-actor-arsenal
🎣The Great Debate: On-Premise vs. Cloud based EDR ➡️Blog : https://www.cybereason.com/blog/on-premise-vs-cloud-based-edr
🎣THREAT ANALYSIS: Beast Ransomware ➡️Blog : https://www.cybereason.com/blog/threat-analysis-beast-ransomware
🎣Stellar Discovery of A New Cluster of Andromeda/Gamarue C2 ➡️Blog : https://www.cybereason.com/blog/new-cluster-andromeda-gamrue-c2
🎣Your Data Is Under New Lummanagement: The Rise of LummaStealer ➡️Blog : https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer
🎣Phorpiex - Downloader Delivering Ransomware ➡️Blog : https://www.cybereason.com/blog/threat-analysis-phorpiex-downloader
⭐️@APTANALYSIS

♣️Exploiting Reversing (ER) series 🚬File-List : https://exploitreversing.com/wp-content/uploads/2025/02/exploit_reversing_04.pdf
♣️Mali-cious Intent: Exploiting GPU Vulnerabilities (CVE-2022-22706 / CVE-2021-39793) 👁Blog : https://starlabs.sg/blog/2025/12-mali-cious-intent-exploiting-gpu-vulnerabilities-cve-2022-22706/
⭐️@APTANALYSIS

🎁 Computed cache list 3
♣️Queries can be used to coerce SMB authentication from SCCM client hosts 💀Blog : https://posts.specterops.io/further-adventures-with-cmpivot-client-coercion-38b878b740ac
♣️Super-charging Bug Bounty Hunting with the Power of AI 💀Blog : https://blog.ethiack.com/blog/supercharging-bug-bounty-hunting-with-ai
♣️Replacing a Space Heater Firmware Over WiFi 💀Blog : https://blog.includesecurity.com/2025/02/replacing-a-space-heater-firmware-over-wifi/
♣️GreenSpot APT Targets 163.com Users with Fake Download Pages & Spoofed Domains 💀Blog : https://hunt.io/blog/greenspot-apt-targets-163com-fake-downloads-spoofing
♣️Infrastructure Laundering: Silent Push Exposes Cloudy Behavior Around FUNNULL CDN Renting IPs from Big Tech 💀Blog : https://www.silentpush.com/blog/infrastructure-laundering/
♣️Coyote Banking Trojan: A Stealthy Attack via LNK Files 💀Blog : https://www.fortinet.com/blog/threat-research/coyote-banking-trojan-a-stealthy-attack-via-lnk-files
⭐️@APTANALYSIS

♣️Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques ⛓Blog : https://www.morphisec.com/blog/rat-race-valleyrat-malware-china ⭐️@APTANALYSIS

♣️Practical Incident Response - Active Directory 😈Blog : https://nxb1t.is-a.dev/incident-response/practical_ir_ad/ 💡Lab : https://nxb1t.is-a.dev/lab-setups/ad_lab ⭐️@APTANALYSIS

♣️Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks (CVE-2025-0411) 💀Blog : https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html ⭐️@APTANALYSIS

♣️8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur 🔴Blog : https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/ ⭐️@APTANALYSIS

♣️Tracing the Path From SmartApeSG to NetSupport RAT 🐁Blog : https://www.team-cymru.com/post/tracing-the-path-from-smartapesg-to-netsupport-rat ⭐️@APTANALYSIS

♣️Sparkcat stealer in app store and google play 👁Blog : https://securelist.ru/sparkcat-stealer-in-app-store-and-google-play/111638 ⭐️@APTANALYSIS