APT ANALYSIS

‼️We only included LeakDBMS ads and did not know that APT IRAN had been blocked by the Iranian government. BLACK MARKET CARTEL : Alive🫂❤️ APT IRAN : Dead 🫂🖤 https://t.me/+TBmojKWg-SgxYzk0

New Avengers group channel: https://t.me/Cyber4vengers

♣️Attackers exploit vulnerability CVE-2005–55182 in attacks on Russian companies 🌐Blog : https://bi.zone/expertise/blog/zloumyshlenniki-ekspluatiruyut-uyazvimost-cve-2025-55182-v-atakakh-na-rossiyskie-kompanii ♣️MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back 🌐Blog : https://phoenix.security/mongobleed-vulnerability-cve-2025-14847 ♣️The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance 🌐Blog : https://mehmetince.net/the-story-of-a-perfect-exploit-chain-six-bugs-that-looked-harmless-until-they-became-pre-auth-rce-in-a-security-appliance ♣️Livewire: remote command execution through unmarshaling 🌐Blog : https://www.synacktiv.com/en/publications/livewire-remote-command-execution-through-unmarshalinghttps://www.synacktiv.com/en/publications/livewire-remote-command-execution-through-unmarshaling ⭐️@APTANALYSIS

🇷🇺Private Nebula 𝐜𝐡𝐚𝐧𝐧𝐞𝐥 𝐬𝐮𝐛𝐬𝐜𝐫𝐢𝐩𝐭𝐢𝐨𝐧 📏📏📏📏📏📏📏📏📏📏📏 💎3-month = 350$ 💎6-month = 650$ 💎9-month = 950$ 🌟12-month = 1250$ ♾LifeTime : 1999$ 📏📏📏📏📏📏📏📏📏📏📏 ⚠️Request :https://t.me/+pEn22EEZA35jZWY0 🔑Buy : @BuyMsgAdbo

💐Black Market Cartel (private group) https://t.me/+vEc5hjqoDDNlODY0

♣️MongoDB Unauthenticated Attacker Sensitive Memory Leak ⏳Blog : https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/ ⭐️@APTANALYSIS

♣️Onion Overloading via Tor2web 🧅Blog : https://medium.com/@aryanchehreghani/onion-overloading-via-tor2web-77c73fe71dc0 ⭐️@APTANALYSIS

♣️Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets 🐈‍⬛Blog : https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets ⭐️@APTANALYSIS

✉️Message from APT IRAN: Your power boils down to the report button - nothing more. You are nothing but a bunch of sellout script-kiddies. We have hundreds of backup channels and come back stronger every time. Not only do we know how to report, but we also enjoy endlessly creating new channels and playing with control and monitoring systems

Remote DLL Injection with Timer-based Shellcode Execution https://github.com/andreisss/Remote-DLL-Injection-with-Timer-based-Shellcode-Execution ⭐️@APTANALYSIS

An analysis of the Gentlemen ransomware group, which employs advanced, adaptive tactics, techniques, and procedure to target critical industries worldwide. Blog: https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html ⭐️@APTANALYSIS

♣️Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs Blog :https://thedfirreport.com/2025/09/08/blurring-the-lines-intrusion-shows-connection-with-three-major-ransomware-gangs/ ⭐️@APTANALYSIS

The One-Man APT, Part I: A Picture That Can Execute Code on the Target Blog:https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/ ⭐️@APTANALYSIS

Three Lazarus RATs coming for your cheese Blog:https://blog.fox-it.com/2025/09/01/three-lazarus-rats-coming-for-your-cheese/ ⭐️@APTANALYSIS

AppSuite PDF Editor Backdoor: A Detailed Technical Analysis Blog: https://www.gdatasoftware.com/blog/2025/08/38257-appsuite-pdf-editor-backdoor-analysis ⭐️@APTANALYSIS

Finding Malware: DIRTYBULK and Friends - USB Infections To Fuel Cybercriminal Coinmining Operations Blog: https://security.googlecloudcommunity.com/community-blog-42/finding-malware-dirtybulk-and-friends-usb-infections-to-fuel-cybercriminal-coinmining-operations-5552 ⭐️@APTANALYSIS

Machine Account Takeover with LsaStorePrivateData() Blog: https://pentest.party/posts/2025/ksetup-machine-password/ ⭐️@APTANALYSIS

♣️Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP Blog : https://specterops.io/blog/2025/08/22/operating-outside-the-box-ntlm-relaying-low-privilege-http-auth-to-ldap ⭐️@APTANALYSIS

♣️Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware 🌟Blog : https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html ♣️Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery 🌟Blog : https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery ♣️APT MuddyWater Deploys Multi-Stage Phishing to Target CFOs 🌟Blog : https://hunt.io/blog/apt-muddywater-deploys-multi-stage-phishing-to-target-cfos ♣️Phantom Pains: A Massive Cyber Espionage Campaign and Possible Split of the PhantomCore APT Group 🌟Blog : https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/phantom-pains-a-large-scale-cyber-espionage-campaign-and-a-possible-split-of-the-apt-group-phantomcore/#id1 ♣️Think before you Click(Fix): Analyzing the ClickFix social engineering technique 🌟Blog : https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/ ♣️A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor 🌟Blog : https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/ ♣️Examining the tactics of BQTLOCK Ransomware & its variants 🌟Blog : https://labs.k7computing.com/index.php/examining-the-tactics-of-bqtlock-ransomware-its-variants/ ⭐️@APTANALYSIS