APT ANALYSIS
APT analysis focused on modelling, detecting and managing complex attacks. Providing accurate data and solutions for threat forecasting, backed by real-world security experience. https://t.me/addlist/7MAZa-vnZclhYzAx
1 761 subscribers
Post archive
♣️Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware
😈Blog : https://www.trendmicro.com/en_us/research/26/e/analyzing-void-dokkaebi-invisibleferret-malware.html
♣️Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
😈Blog : https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens
♣️Behind .payload: In-Depth Technical Analysis of Payload Ransomware
💀Blog : https://darkatlas.io/blog/behind-payload-in-depth-technical-analysis-of-payload-ransomware
♣️Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
💀Blog : https://www.fortinet.com/blog/threat-research/phishing-campaign-deploys-javascript-driven-purelogs-variant-to-steal-sensitive-data
♣️RemotePE: The Lazarus RAT that lives in memory
✨Blog : https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory
♣️Fluffy Wolf tested new products on Russian companies
💀Blog : https://bi.zone/expertise/blog/fluffy-wolf-ispytal-novinki-na-rossiyskikh-kompaniyakh
♣️forge-jsxy: 22 Versions of an Actively Developed npm RAT
🌀Blog : https://safedep.io/malicious-forge-jsxy-npm-rat-evolution
♣️From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
💀Blog : https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities
♣️The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
😈Blog : https://www.microsoft.com/en-us/security/blog/2026/05/28/the-gentlemen-ransomware-dissecting-a-self-propagating-go-encryptor
♣️ShinyHunters: Silent Malware as a Service (MaaS)
😈Blog : https://ransom-isac.org/blog/shinyhunters-silent-maas
♣️Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
😈Blog : https://www.wiz.io/blog/threat-actors-target-crypto-orgs
♣️An unknown group, active since at least 2024, is attacking universities and the energy sector
😈Blog : https://securelist.ru/unknown-group-targets-maritime-universities/115765
♣️Operation XENOFISCAL: SideCopy deploying persistent XenoRAT targeting the MoF, Afghanistan
😈Blog : https://www.seqrite.com/blog/operation-xenofiscal-sidecopy-deploying-persistent-xenorat-targeting-the-mof-afghanistan
♣️Operation Dragon Weave : Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2
😈Blog : https://www.seqrite.com/blog/operation-dragon-weave-uncovering-a-china-linked-campaign-targeting-czech-republic-and-taiwan-using-azure-cloud-c2
♣️Meet DriveSurge: A New Threat Actor Using ClickFix and Fake Update Drive-By Attacks in Thousands of Compromised Sites
❌Blog : https://www.silentpush.com/blog/drivesurge
♣️Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace
😈Blog : https://safedep.io/microsoftsystem64-binary-payload-analysis
♣️FSB’s matryoshka – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm
🐈⬛Blog 1/3 : https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm
🐈⬛Blog 2/3 : https://blog.sekoia.io/fsbs-matryoshka-2-3-gamaredons-gifts-that-keeps-unpacking-gammaload
🐈⬛Blog 3/3 : https://blog.sekoia.io/fsbs-matryoshka-3-3-gamaredons-gifts-that-keeps-unpacking-gammasteel
♣️From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises
😐Blog : https://any.run/cybersecurity-blog/monoglyphrat-attacks-us-enterprise
♣️Detecting Nimbus Manticore and their sideloading infection chains
👁🗨Blog : https://www.nextron-systems.com/2026/06/01/detecting-nimbus-manticore-and-their-sideloading-infection-chains
♣️MUSTANG PANDA x PLUGX - Analysis of the January 2026 sample: a multi-layer execution chain
👁Blog : https://bluecyber.hashnode.dev/mustang-panda-x-plugx-analysis-of-the-january-2026-sample-a-multi-layer-execution-chain
♣️PHANTOMPULSE: anatomy of a hijackable blockchain-C2 RAT
🐺Blog : https://www.elastic.co/security-labs/blockchain-c2-phantompulse-rat-sinkhole
♣️TA4922: The Suspected Chinese Crime Group is Going Global
😈Blog : https://www.proofpoint.com/us/blog/threat-insight/ta4922-suspected-chinese-crime-group-going-global
♣️Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO
🔪Blog : https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo
♣️Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem
🐱Blog : https://research.checkpoint.com/2026/impersonation-click-hijacking-and-tds-inside-a-malware-distribution-ecosystem
♣️KeyCat Stealer Uncovered: Inside a $40 Multi-Platform Infostealer with Telegram C2 and Active Staging Infrastructure
😈Blog : https://flare.io/learn/resources/blog/keycat-stealer-multi-platform-infostealer
♣️From Malspam to Fileless .NET Loader
😈Blog : https://www.huntress.com/blog/malspam-to-loader-delivery-chain-analysis
♣️ReliaQuest's Agentic AI Uncovers New China-Linked Cluster OP-512
😈Blog : https://reliaquest.com/blog/threat-spotlight-reliaquests-agentic-ai-uncovers-new-china-linked-cluster-op-512
♣️Bait for the commander: investigating the cyber-espionage group SiribClone's attacks on the Russian military
😶Blog : https://www.f6.ru/blog/siribclone
♣️Operation TaxShadow : Multi-Region Tax Phishing & In-Memory Malware Campaign
😈Blog : https://www.cyfirma.com/research/operation-taxshadow-multi-region-tax-phishing-in-memory-malware-campaign
♣️Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency
😈Blog : https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal
♣️AI brands as bait: How threat actors are using the AI hype in social engineering
😈Blog : https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering
⭐️@APTANALYSIS
👿 sellers and buyers of underground markets
🤬You must have a premium or known account to join.
🤬Fake accounts cannot join.
😂Underground market accounts will be verified quickly.
https://t.me/+58XWHpQvOhRkODhk
💀Monthly collection
♣️Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
💀Blog : https://www.trendmicro.com/en_us/research/26/e/banana-rat.html
♣️Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows
💀Blog : https://www.bitdefender.com/en-us/blog/labs/microsofts-mshta-legacy-malware-windows
♣️Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit
💀Blog : https://socket.dev/blog/coruna-respawned-compromised-art-template-npm-package
♣️Gamaredon’s infection chain: Spoofed emails, GammaDrop and GammaLoad
💀Blog : https://harfanglab.io/insidethelab/gamaredon-gammadrop-gammaload
⭐️@APTANALYSIS
🌟Stealer & Ransom Analysis Collection
♣️Phantom Stealer Analysis: Inside the Two-Layer Attack Chain Hidden Behind a Windows DLL
⚫Blog : https://darkatlas.io/blog/phantom-stealer-analysis-inside-the-two-layer-attack-chain-hidden-behind-a-windows-dll
♣️Amatera Stealer 4.0.2 Beta: What's New in This Variant
⚫Blog : https://www.esentire.com/blog/amatera-stealer-4-0-2-beta-whats-new-in-this-variant
♣️crpx0 Ransomware Operations | Double Extortion, Crypto Theft, and Network Footprint
⚫Blog : https://www.aryaka.com/docs/reports/crpx0-ransomware-operations-report.pdf
⭐️@APTANALYSIS
♣️INJ3CTOR3’s Self-Healing FreePBX Toll Fraud Campaign
👶Blog : https://cyble.com/blog/jomangy-inj3ctor3s-self-healing-freepbx-toll-fraud-campaign
⭐️@APTANALYSIS
♣️UAC-0244 / UAC-0247: Malware Targeting FPV drone operators
🖤Blog : https://blog.synapticsystems.de/uac-0247-malware-targeting-fpv-operators
♣️UAC-0184: From HTA to a Signed Network Stack
🖤Blog : https://blog.synapticsystems.de/uac-0184-from-hta-to-a-signed-network-stack
⭐️@APTANALYSIS
Repost from Threat Market
🌟The full cookie management software package {new update} will be available soon.
🇷🇺Channel : @ThreatMarket
Repost from Threat Market
🦇 SPECIAL CARGO IS COMING
😈We're about to host something extraordinary!
👁The ultimate, hand-picked collection of Red Team and Offensive Security courses is on its way. From zero to hero, for all skill levels (beginner to advanced). If you want to shine in the world of Offensive Security, this is the opportunity you've been waiting for!
🟥 An educational bomb: complete and flawless.
🤤 Coming soon to Threat Market . . .
😅@ThreatMarket
Repost from Threat Market
🖤THREAT MARKET Website
Logs, data-processing tools, access and everything else that circulates in the shadows of the underground markets are sold here, without names and without traces.
😈Site : https://threatmarket.ru
👹Bot : @ThreatMarketBot
💀Hot headlines over the past week
♣️How ClickFix Opens the Door to Stealthy StealC Information Stealer
💿Blog : https://www.levelblue.com/blogs/spiderlabs-blog/how-clickfix-opens-the-door-to-stealthy-stealc-information-stealer
♣️Odyssey Stealer: Inside a macOS Crypto-Stealing Operation
⏳Blog : https://censys.com/blog/odyssey-stealer-macos-crypto-stealing-operation
♣️Lotus Blossom (G0030) and the Notepad++ Supply-Chain Espionage Campaign
🟥Blog : https://dti.domaintools.com/research/lotus-blossom-and-the-notepad-supply-chain-espionage-campaign
♣️LummaStealer Is Getting a Second Life Alongside CastleLoader
🌎Blog : https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader
♣️LockBit strikes with new 5.0 version, targeting Windows, Linux and ESXi systems
🔮Blog : https://www.acronis.com/en/tru/posts/lockbit-strikes-with-new-50-version-targeting-windows-linux-and-esxi-systems
⭐️@APTANALYSIS
♣️Tenant from Hell: Prometei's Unauthorized Stay in Your Windows Server
🖥Blog : https://www.esentire.com/blog/tenant-from-hell-prometeis-unauthorized-stay-in-your-windows-server
⭐️@APTANALYSIS
♣️Inside Gunra RaaS: From Affiliate Recruitment on the Dark Web to Full Technical Dissection of their Locker
🍎Blog : https://www.cloudsek.com/blog/inside-gunra-raas-from-affiliate-recruitment-on-the-dark-web-to-full-technical-dissection-of-their-locker
⭐️@APTANALYSIS
♣️Detecting Russian Threats to Critical Energy Infrastructure
🔬Blog : https://www.truesec.com/hub/blog/detecting-russian-threats-to-critical-energy-infrastructure
⭐️@APTANALYSIS
♣️Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails
👮♀Blog : https://www.fortinet.com/blog/threat-research/deep-dive-into-new-xworm-campaign-utilizing-multiple-themed-phishing-emails
⭐️@APTANALYSIS
♣️When Malware Talks Back
🌐Blog : https://www.pointwild.com/threat-intelligence/when-malware-talks-back
⭐️@APTANALYSIS