♣️Malware installed using the Ivanti Connect Secure vulnerability
⚗️Blog : https://blogs.jpcert.or.jp/ja/2025/02/spawnchimera.html
♣️You've Got Malware: FINALDRAFT Hides in Your Drafts
⚗️Blog : https://www.elastic.co/security-labs/finaldraft
♣️RevivalStone: Winnti Group's attack campaign targeting Japanese organizations
⚗️Blog : https://www-lac-co-jp.translate.goog/lacwatch/report/20250213_004283.html
♣️Digital Breadcrumbs in Memory: Unmasking a Web Server Compromise
⚗️Blog : https://www.securityblue.team/blog/posts/digital-breadcrumbs-memory-web-server-compromise
♣️CTO at NCSC Summary: week ending February 16th
⚗️Blog : https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-db4
♣️Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
⚗️Blog : https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication
♣️Lazarus Backdoor with IT Lure
⚗️Blog : https://dmpdump.github.io/posts/Lazarus-Backdoor-ITLure/
♣️MAC(B)ypassing for Persistence
⚗️Blog : https://medium.com/@hacksplaining/mac-b-ypassing-for-persistence-22e425ca7c85
♣️Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
⚗️Blog : https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-for-persistence
♣️Lurking in the shadows: Unsupervised decoding of beaconing communication for enhanced cyber threat hunting
⚗️Blog : https://www.sciencedirect.com/science/article/pii/S1084804525000244
⭐️@APTANALYSIS

♣️Velvet Chollima APT Adversary Simulation
🙂Blog : https://github.com/S3N4T0R-0X0/APT-Attack-Simulation/tree/main/North%20Koreans%20APT/Velvet%20Chollima
🔥Blog : https://medium.com/@S3N4T0R/labyrinth-chollima-apt-adversary-simulation-b4f6a79bb68f
♣️Concealing Payloads: Hiding Shellcode in Image Files with Python and C/C++
🐍Blog : https://wafflesexploits.github.io/posts/Hide_a_Payload_in_Plain_Sight_Embedding_Shellcode_in_a_Image_file/
🩸Repo : https://github.com/WafflesExploits/hide-payload-in-images
⭐️@APTANALYSIS

♣️Unraveling the Many Stages and Techniques Used by RedCurl/EarthKapre APT
#️⃣Blog : https://www.esentire.com/blog/unraveling-the-many-stages-and-techniques-used-by-redcurl-earthkapre-apt
♣️How to check for OAuth apps with specific Graph permissions assigned
#️⃣Blog : https://jeffreyappel.nl/how-to-check-for-oauth-apps-with-specific-graph-permissions-assigned/
♣️Writing a Ghidra processor module
#️⃣Blog : https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/
♣️Infostealing Malware Infections in the U.S. Military & Defense Sector: A Cybersecurity Disaster in the Making
#️⃣Blog : https://www.infostealers.com/article/infostealing-malware-infections-in-the-u-s-military-defense-sector-a-cybersecurity-disaster-in-the-making/
♣️Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
#️⃣Blog : https://www.wiz.io/blog/nuclei-signature-verification-bypass
♣️How Wiz found a Critical NVIDIA AI vulnerability:  Deep Dive into a container escape (CVE-2024-0132)
#️⃣Blog : https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132
♣️Debugging An Undebuggable App
#️⃣Blog : https://bryce.co/undebuggable/
⭐️@APTANALYSIS

♣️BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites
♣️Hunters International Ransomware: Tactics, Impact, and Defense Strategies
♣️Threat updates: AidLocker/Frag - new variants of HellCat/Morpheus ransomware
♣️Dark Web Profile: Fog Ransomware
♣️Merlin, Loki buddy: another agent for Mythic attacks Russian companies
♣️JavaScript to Command-and-Control (C2) Server Malware
♣️Magento Credit Card Stealer Disguised in an <img> Tag
♣️New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs
♣️Ransomware Roundup – Lynx
♣️ Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time
♣️Qilin Ransomware: Exposing the TTPs Behind One of the Most Active Ransomware Campaigns of 2024
♣️Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
♣️Don’t Ghost the SocGholish: GhostWeaver Backdoor
♣️Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure
♣️LDAPNightmare Spoof Stealer
⭐️@APTANALYSIS

♣️Все резервные копии были загружены в канал Telegram Black Market, и с этого момента вы можете получить доступ к этим материалам только по следующей ссылке. Также эти файлы будут обновляться, и к ним будут добавляться другие элементы.
所有备份文件已上传到Telegram频道Black Market，从现在开始，您只能通过以下链接访问这些内容。此外，这些文件将会被更新，并且会添加其他内容。
https://t.me/c/2254860811/492
⭐️@APTANALYSIS

♣️Evading Microsoft Defender
🤷Blog : https://blog.shellntel.com/p/evading-microsoft-defender
⭐️@APTANALYSIS

♣️CVE-2022-31199 : NETWRIX AUDITOR ADVISORY SUMMARY
👁Blog : https://bishopfox.com/blog/netwrix-auditor-advisory
♣️CVE-2025-1094 : PostgreSQL SQLi
👁Blog : [Emulation] [Repo2] [3]
⭐️@APTANALYSIS

♣️By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
👁Blog : https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/
⭐️@APTANALYSIS

♣️IngressNightmare : Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
✨CVE-2025-1097
👁‍🗨CVE-2025-1098
🔪CVE-2025-24514
😐CVE-2025-1974
🚬Blog : https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
⭐️@APTANALYSIS

♣️C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations
👹Blog : https://xbz0n.sh/blog/c2-redirectors
⭐️@APTANALYSIS

♣️Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure
🔥Blog : https://www.resecurity.com/blog/article/blacklock-ransomware-a-late-holiday-gift-with-intrusion-into-the-threat-actors-infrastructure
⭐️@APTANALYSIS

♣️wsrp4echo - 0day Chain Vulnerability
🔥Blog : https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
⭐️@APTANALYSIS

♣️Bypassing Windows Defender antivirus in 2025. Using Direct Syscalls and XOR encryption.
🎩Part 1 : https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-1/
🎩Part 2 :
https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-2/
⭐️@APTANALYSIS

♣️Operation SyncHole: Lazarus APT goes back to the well
💀Blog : https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326
⭐️@APTANALYSIS

♣️Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations
👼Blog : https://www.trendmicro.com/en_us/research/25/d/russian-infrastructure-north-korean-cybercrime.html
⭐️@APTANALYSIS

♣️Buhtrap Watch Wolf
🪶Download (pdf)
⭐️@APTANALYSIS

♣️Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs
🤡Blog : https://blog.talosintelligence.com/introducing-toymaker-an-initial-access-broker
⭐️@APTANALYSIS

♣️Triada strikes back
🐱Blog : https://securelist.com/triada-trojan-modules-analysis/116380
⭐️@APTANALYSIS

♣️Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie
🐰Blog : https://www.silentpush.com/blog/contagious-interview-front-companies
⭐️@APTANALYSIS