APT ANALYSIS


APT analysis focused on modelling, detecting and managing sophisticated attacks. Providing precise data and solutions for threat forecasting, backed by real-world security experience.

1 750 subscribers
Growth: no data for 24 hours; +9 over 7 days; -800 over 30 days

Post archive
🌟whole community in one group(Black Market Forum) 💡Membership Requirements: ⚡Telegram Premium + Boost 🤩Membership in this group will soon require a buy subscription. 😐Private Link : https://t.me/+KZREIgFO2zswNTkx

30 people have been verified✅ 430 people are still unverified❌ 🥸Because their accounts cannot be verified.

⭐️In the first stage, the entry of all those who had Telegram Premium is confirmed.

➡️For the safety of users, no one has been verified yet, so please wait, and for added security, be careful which account you log into the group with. ➡️Preferably try logging in with your second accounts. ➡️+ Support for deleted channel data placed.

🔑Private Black Market Group Link : https://t.me/+-H-jT2-4TEw4ZWUx

♣️CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage 🎩Blog : https://research.checkpoint.com/2025/stealth-falcon-zero-day
⭐️@APTANALYSIS

♣️DarkEngine: CyberCX Uncovers Highly Orchestrated WordPress Phishing Campaign ⭐️@APTANALYSIS

♣️The Bitter End: Unraveling Eight Years of Espionage Antics—Part One 🩸Blog : https://www.proofpoint.com/us/blog/threat-insight/bitter-end-unraveling-eight-years-espionage-antics-part-one
♣️DuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and Surveillance 🐍Blog : https://www.cyfirma.com/research/duplexspy-rat-stealthy-windows-malware-enabling-full-remote-control-and-surveillance/
♣️TTPs of Cyber Partisans activity aimed at espionage and disruption 😈Blog : https://ics-cert.kaspersky.com/publications/reports/2025/06/05/ttps-of-cyber-partisans-activity-aimed-at-espionage-and-disruption/
♣️Operation Phantom Enigma 👁Blog : https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/operation-phantom-enigma
♣️BladedFeline: Whispering in the dark 🐈‍⬛Blog : https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark
♣️A SoraAI clickbait 📺Blog : https://labs.k7computing.com/index.php/a-soraai-clickbait
♣️Operation DRAGONCLONE: Chinese Telecommunication industry targeted via VELETRIX & VShell malware. 🚬Blog : https://www.seqrite.com/blog/operation-dragonclone-chinese-telecom-veletrix-vshell-malware
♣️Blitz Malware: A Tale of Game Cheats and Code Repositories 🔪Blog : https://unit42.paloaltonetworks.com/blitz-malware-2025
⭐️@APTANALYSIS

♣️OtterCookie Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals *&* Cyber Attacks on Government Agencies: Detect and Investigate with ANY.RUN for Fast Response 🧟‍♂️Blog : OtterCookie & Government Agencies
♣️Attacker exploits misconfigured AI tool to run AI-generated payload 😈Blog : https://sysdig.com/blog/attacker-exploits-misconfigured-ai-tool-to-run-ai-generated-payload
♣️In-depth Analysis of a 2025 ViperSoftX Variant 🧟‍♂️Blog : https://labs.k7computing.com/index.php/in-depth-analysis-of-a-2025-vipersoftx-variant
♣️LOLCLOUD - Azure Arc - C2aaS 🌙Blog : https://blog.zsec.uk/azure-arc-c2aas
♣️APT-C-53 (Gamaredon) organization uses military intelligence-related documents to analyze attacks for decoys 😈Blog : https://mp.weixin.qq.com
♣️Doppelganger: An Advanced LSASS Dumper with Process Cloning 🐱Blog : https://labs.yarix.com/2025/06/doppelganger-an-advanced-lsass-dumper-with-process-cloning
♣️BPFDoor - Part 1,2 - The past & The Present 😈Blog : PART [1] - PART [2]
♣️The strange tale of ischhfd83: When cybercriminals eat their own 😈Blog : https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when-cybercriminals-eat-their-own
♣️How Threat Actors Exploit Human Trust: A Breakdown of the 'Prove You Are Human' Malware Scheme 🚬Blog : https://dti.domaintools.com/how-threat-actors-exploit-human-trust
♣️Fingerprints of the past: F6 investigated new and previously unknown activities of the group PhantomCore 👁Blog : https://www.f6.ru/blog/traces-of-phantomcore
⭐️@APTANALYSIS

♣️Infostealer Malware FormBook Spread via Phishing Campaign 🐦part1 : https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign-part-i 🐦part2 : https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign
♣️PureHVNC RAT Using Fake High-level Job Offers from Fashion and Beauty Brands 🐦Blog : https://www.netskope.com/blog/purehvnc-rat-using-fake-high-level-job-offers-from-fashion-and-beauty-brands
♣️Dissecting the macOS 'AppleProcessHub' Stealer: Technical Analysis of a Multi-Stage Attack 🐦Blog : https://www.kandji.io/blog/macos-appleprocesshub-stealer
♣️PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations 🐦Blog : https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phaas-the-secrets-the-hidden-ties-between-tycoon2fa-and-dadsecs-operations/
♣️Cybercriminals camouflaging threats as AI tool installers 🐦Blog : https://blog.talosintelligence.com/fake-ai-tool-installers/
♣️Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns 🐦Blog : https://www.elastic.co/security-labs/eddiestealer
⭐️@APTANALYSIS

♣️Findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation 👁Blog : https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire
♣️GhostSpy Web-Based Android RAT : Advanced Persistent RAT with Stealthy Remote Control and Uninstall Resistance 👁Blog : https://www.cyfirma.com/research/ghostspy-web-based-android-rat-advanced-persistent-rat-with-stealthy-remote-control-and-uninstall-resistance
♣️Detailed technical analysis of the Obstine Mogwai toolkit 👁Part1 : https://rt-solar.ru/solar-4rays/blog/5441 👁Part2 : https://rt-solar.ru/solar-4rays/blog/5544
♣️NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign 👁Blog : https://www.rapid7.com/blog/post/2025/05/22/nsis-abuse-and-srdi-shellcode-anatomy-of-the-winos-4-0-campaign/
♣️Dissecting the macOS 'AppleProcessHub' Stealer: Technical Analysis of a Multi-Stage Attack 👁Blog : https://www.kandji.io/blog/macos-appleprocesshub-stealer
♣️ESET takes part in global operation to disrupt Lumma Stealer 👁Blog : https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/
♣️Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe 👁Blog : https://www.cybereason.com/blog/rhadamanthys-stealer-europe
♣️Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites 👁Blog : https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites/
⭐️@APTANALYSIS

♣️Open-source toolset of an Ivanti CSA attacker 🤖Blog : https://www.synacktiv.com/en/publications/open-source-toolset-of-an-ivanti-csa-attacker
♣️From banks to battalions: SideWinder’s attacks on South Asia’s public sector 🤖Blog : https://www.acronis.com/en-us/cyber-protection-center/posts/from-banks-to-battalions-sidewinders-attacks-on-south-asias-public-sector/
♣️Russian GRU Targeting Western Logistics Entities and Technology Companies 🤖Blog : https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a
♣️De-obfuscating ALCATRAZ 🤖Blog : https://www.elastic.co/security-labs/deobfuscating-alcatraz
♣️Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain 🤖Blog : https://www.trendmicro.com/en_us/research/25/e/unmasking-fake-captcha-cases.html
♣️VPO or LLM - Silent Werewolf uses new downloaders in attacks on Russian and Moldovan organizations 🤖Blog : https://bi.zone/expertise/blog/silent-werewolf-ispolzuet-novye-zagruzchiki-v-atakakh-na-rossiyskie-i-moldavskie-organizatsii/
♣️BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory 🤖Blog : https://www.akamai.com/blog/security-research/2025/may/abusing-dmsa-for-privilege-escalation-in-active-directory
♣️China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability 🤖Blog : https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability
⭐️@APTANALYSIS

♣️Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware ❤️Blog : https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware
♣️BlackCat Ransomware: Tactics, Techniques & Mitigation Strategies ❤️Blog : https://www.group-ib.com/blog/blackcat/
♣️Analysis of Hannibal Stealer (newer version of Sharp Stealer) ❤️Blog : https://medium.com/@shubhandrew/analysis-of-hannibal-stealer-newer-version-of-sharp-stealer-155f0d6b093e
♣️Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan ❤️Blog : https://www.trendmicro.com/en_us/research/25/e/earth-ammit.html
♣️The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website ❤️Blog : https://research.checkpoint.com/2025/impersonated-kling-ai-site-installs-malware/
♣️Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2 ❤️Blog : https://www.veracode.com/resources/sophisticated-npm-attack-leveraging-unicode-steganography-and-google-calendar-c2
♣️Dero miner zombies biting through Docker APIs to build a cryptojacking horde ❤️Blog : https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/
♣️Cato CTRL™ Threat Research: Suspected Russian Threat Actors Leverage Tigris, Oracle Cloud Infrastructure, and Scaleway to Target Privileged Users with Lumma Stealer ❤️Blog : https://www.catonetworks.com/blog/cato-ctrl-suspected-russian-threat-actors/
⭐️@APTANALYSIS

♣️Horabot Unleashed: A Stealthy Phishing Threat 📨Blog : https://www.fortinet.com/blog/threat-research/horabot-unleashed-a-stealthy-phishing-threat
♣️Excel(ent) Obfuscation: Regex Gone Rogue 📨Blog : https://www.deepinstinct.com/blog/excellent-obfuscation-regex-gone-rogue
♣️DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt 📨Blog : https://unit42.paloaltonetworks.com/darkcloud-stealer-and-obfuscated-autoit-scripting/
♣️A python in disguise: unpacking PyInstaller malware on macOS 📨Blog : https://www.jamf.com/blog/pyinstaller-malware-jamf-threat-labs/
♣️Technical Analysis of TransferLoader 📨Blog : https://www.zscaler.com/blogs/security-research/technical-analysis-transferloader
♣️Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT 📨Blog : https://blog.qualys.com/vulnerabilities-threat-research/2025/05/15/fileless-execution-powershell-based-shellcode-loader-executes-remcos-rat
♣️Albabat 2.0.0 Decoded: A Config-Driven Design 📨Blog : https://blog.pulsedive.com/albabat-2-0-0-decoded-a-config-driven-design
♣️Operation RoundPress 📨Blog : https://www.welivesecurity.com/en/eset-research/operation-roundpress/
⭐️@APTANALYSIS

♣️Don't drop password managers (but password managers shouldn't drop malware) ⭐️@APTANALYSIS

♣️Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story) 📨Blog : https://www.genians.co.kr/blog/threat_intelligence/toybox-story
⭐️@APTANALYSIS