📃Title: Threat Actors Weaponize Tiflux RMMs in Malspam Attacks
📅Date: 2026-05-07
🔗References:
https://www.huntress.com/blog/tiflux-rmm-install

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Huntress"
mitre-attack-pattern=['T1113', 'T1036.005', 'T1204.002', 'T1543.003', 'T1566.002', 'T1082', 'T1219', 'T1112', 'T1070.001', 'T1552.001', 'T1547.001', 'T1562.001', 'T1078', 'T1068', 'T1027', 'T1573', 'T1071.001', 'T1574.002']

MISP event uuid: 66e683a8-e077-43de-b903-1a8d01c2429d

📃Title: PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
📅Date: 2026-05-07
🔗References:
https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• topic="cloud"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="SentinelOne"
mitre-attack-pattern=['T1613', 'T1132.001', 'T1552.005', 'T1053.003', 'T1021.004', 'T1190', 'T1525', 'T1552.004', 'T1087', 'T1609', 'T1083', 'T1552.001', 'T1041', 'T1212', 'T1059.004', 'T1078', 'T1027', 'T1570', 'T1059.006', 'T1071.001', 'T1543.002', 'T1046', 'T1105', 'T1552.007']

MISP event uuid: 695fc11f-d4b5-4df4-8563-1b8a8a3a8c7d

📃Title: Custom Attack Tooling Including Undisclosed C2 Infrastructure Targeting Malaysian Organizations
📅Date: 2026-05-15
🔗References:
https://oasis-security.io/blog/malaysian-government-with-undisclosed-c2-infrastructure

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• sub-category="infra-profile"
• target="targeted"
• mitre-att&ck="none-from-src"
• action-taken="VT-comment"

🔖MISP Galaxies:
• target-information="Malaysia"
• sector="Government, Administration"
• online-service="8206e5d7-9189-4d8b-855d-339fa45e9c47"
mitre-attack-pattern=['T1100', 'T1505.003', 'T1552.001', 'T1567.002', 'T1190', 'T1587.001', 'T1003.003', 'T1059.001', 'T1059.006', 'T1003.002', 'T1071.001', 'T1021.006']

MISP event uuid: a30d2c51-b056-4b55-ad4d-971722af82d8

📃Title: 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer
📅Date: 2026-05-06
🔗References:
https://socket.dev/blog/5-malicious-nuget-packages-impersonate-chinese-ui-libraries

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="crypto-related"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1056.001', 'T1539', 'T1204.002', 'T1497.001', 'T1082', 'T1106', 'T1005', 'T1140', 'T1055', 'T1560', 'T1555.003', 'T1055.013', 'T1059', 'T1083', 'T1552.001', 'T1041', 'T1027', 'T1195.002', 'T1071.001']

MISP event uuid: fd4d5ee1-41ff-493f-bb7b-8f5a25b1c947

📃Title: Donuts and Beagles: Fake Claude site spreads backdoor
📅Date: 2026-05-07
🔗References:
https://www.sophos.com/en-us/blog/donuts-and-beagles-fake-claude-site-spreads-backdoor

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Sophos"
mitre-attack-pattern=['T1573.001', 'T1106', 'T1140', 'T1059', 'T1083', 'T1204', 'T1041', 'T1547.001', 'T1566', 'T1027', 'T1132', 'T1070.004', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: 7865b246-7bcb-4626-aabe-c50b31d21a89

📃Title: Fake call logs, real payments: How CallPhantom tricks Android users
📅Date: 2026-05-07
🔗References:
https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/

🔖Rectifyq Taxonomies:
Relevancy: 🟡 Somewhat Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• sub-category="malware-analysis"
• topic="mobile-attack"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="ESET"
• target-information="India"
• region="142 - Asia"
mitre-attack-pattern=['T1643', 'T1437.001']

MISP event uuid: ba57e423-eb23-4cc7-88af-cde6f2ad2e53

📃Title: Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare
📅Date: 2026-05-07
🔗References:
https://www.seqrite.com/blog/operation-grieflure-dissecting-an-apt-campaign-targeting-vietnams-military-telecom-philippine-healthcare/

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="targeted"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Seqrite"
• target-information="Philippines"
• target-information="Vietnam"
• sector="Health"
• sector="Military"
• sector="Telecoms"
mitre-attack-pattern=['T1113', 'T1574.007', 'T1547', 'T1204.002', 'T1566.001', 'T1082', 'T1005', 'T1036', 'T1218', 'T1555.003', 'T1134.002', 'T1020', 'T1083', 'T1552.001', 'T1057', 'T1041', 'T1027', 'T1573', 'T1518.001', 'T1059.003', 'T1071.001', 'T1574.002', 'T1564.004', 'T1055.001']

MISP event uuid: 959e2151-f389-4d99-bea5-635a5f3fc2c8

📃Title: Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
📅Date: 2026-05-06
🔗References:
https://unit42.paloaltonetworks.com/captive-portal-zero-day/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💉 Vulnerability
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="zero-day"
• target="broad-based"
• mitre-att&ck="from-original-src"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Palo Alto"
mitre-attack-pattern=['T1498.001', 'T1087.002', 'T1021.004', 'T1071', 'T1190', 'T1055', 'T1572', 'T1070.001', 'T1016', 'T1090', 'T1098', 'T1562.001', 'T1078', 'T1068', 'T1078.002', 'T1070.004', 'T1071.001', 'T1018', 'T1105', 'T1021.001']

MISP event uuid: 8e814525-08af-4e45-a9b3-9402b98b3e88

📃Title: ClickFix campaign uses fake macOS utilities lures to deliver infostealers
📅Date: 2026-05-06
🔗References:
https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Microsoft"
mitre-attack-pattern=['T1059.007', 'T1539', 'T1555.001', 'T1082', 'T1059.002', 'T1005', 'T1140', 'T1036', 'T1560', 'T1543.004', 'T1555.003', 'T1087', 'T1083', 'T1552.001', 'T1204', 'T1041', 'T1574', 'T1027', 'T1614', 'T1543.001']

MISP event uuid: 8a797443-5fc5-4804-b43f-77813c7ad5e8

📃Title: TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook
📅Date: 2026-05-07
🔗References:
https://www.elastic.co/security-labs/tclbanker-brazilian-banking-trojan

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• mitre-att&ck="from-original-src"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Elastic"
• target-information="Brazil"
• sector="Bank"
mitre-attack-pattern=['T1010', 'T1185', 'T1115', 'T1574.002', 'T1622', 'T1140', 'T1562.001', 'T1105', 'T1056.001', 'T1114.001', 'T1218.007', 'T1106', 'T1027', 'T1059.001', 'T1057', 'T1055', 'T1053.005', 'T1113', 'T1566.001', 'T1497.001', 'T1082', 'T1614.001', 'T1529', 'T1497.003', 'T1056.003', 'T1071.001', 'T1102', 'T1059.003']

MISP event uuid: 31e26c64-8653-4eb8-9977-4da1d6c0cc22

📃Title: AI-Assisted Lure Factory Targets Developers & Gamers
📅Date: 2026-03-23
🔗References:
https://www.netskope.com/blog/openclaw-trap-ai-assisted-lure-factory-targets-developers-gamers

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Netskope"
mitre-attack-pattern=[]

MISP event uuid: 3877fbbc-045c-47b7-88fb-f08151c3461c

📃Title: Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns
📅Date: 2026-05-07
🔗References:
https://www.cyfirma.com/research/abuse-of-cloud-native-infrastructure-in-modern-phishing-campaigns/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="cloud"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Cyfirma"
mitre-attack-pattern=['T1557', 'T1059.007', 'T1566.002', 'T1566.001', 'T1119', 'T1567', 'T1583.004', 'T1114.003', 'T1584', 'T1102', 'T1528', 'T1027', 'T1078.004', 'T1556']

MISP event uuid: 47aa313e-d63c-41b0-9e9b-37dc020ba38e

📃Title: Technical Advisory: Breach of Instructure Canvas LMS
📅Date: 2026-05-09
🔗References:
https://businessinsights.bitdefender.com/technical-advisory-shinyhunters-breach-instructure-canvas-lms

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💥 Data Breach
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="targeted"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Bitdefender"
• target-information="United States"
• target-information="Australia"
• target-information="United Kingdom"
• threat-actor="ShinyHunters"
mitre-attack-pattern=['T1557', 'T1539', 'T1114', 'T1594', 'T1530', 'T1550', 'T1589', 'T1586', 'T1528', 'T1591', 'T1590', 'T1199', 'T1566', 'T1078', 'T1486', 'T1598', 'T1213', 'T1485', 'T1078.004', 'T1556']

MISP event uuid: 8b1cc71b-0ea8-4adb-b274-dc6938e0a183

📃Title: OPERATION SILENTCANVAS: JPEG BASED MULTISTAGE POWERSHELL INTRUSION
📅Date: 2026-05-09
🔗References:
https://www.cyfirma.com/research/operation-silentcanvas-jpeg-based-multistage-powershell-intrusion/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• sub-category="campaign-analysis"
• target="broad-based"
• detection-rules="yara-from-src"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Cyfirma"
mitre-attack-pattern=['T1087', 'T1123', 'T1548.002', 'T1115', 'T1553.002', 'T1027.010', 'T1027.004', 'T1555', 'T1562.001', 'T1573', 'T1041', 'T1070.004', 'T1564.001', 'T1105', 'T1056', 'T1056.001', 'T1136.001', 'T1127.001', 'T1204.002', 'T1036.008', 'T1036.005', 'T1112', 'T1027', 'T1059.001', 'T1219', 'T1021', 'T1113', 'T1518.001', 'T1566.001', 'T1218', 'T1082', 'T1529', 'T1134.001', 'T1497', 'T1071.001', 'T1047', 'T1543.003']

MISP event uuid: 7cfaa038-80a3-4812-9a1a-2df64b55ab01

📃Title: Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans
📅Date: 2026-05-11
🔗References:
https://blog.xlab.qianxin.com/mr_rot13-the-elusive-6-year-hacker-group-weaponizing-critical-cpanel-flaws-for-backdoor-deployment_cn/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💉 Vulnerability
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="critical-vuln"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1059.007', 'T1119', 'T1005', 'T1140', 'T1190', 'T1219', 'T1070.006', 'T1505.003', 'T1083', 'T1552.003', 'T1552.001', 'T1041', 'T1136.003', 'T1098', 'T1059.004', 'T1078', 'T1027', 'T1567.002', 'T1071.001', 'T1543.002', 'T1136']

MISP event uuid: 2e1d4c8d-0459-4f69-be67-e0bc6a6633fd

📃Title: Needle: Inside a Modular Crypto-Stealing C2 That Left Its Keys in the Malware
📅Date: 2026-05-11
🔗References:
https://beelzebub.ai/blog/needle-c2-crypto-stealer-analysis/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• topic="crypto-related"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1056.001', 'T1539', 'T1036.005', 'T1204.002', 'T1566.001', 'T1082', 'T1005', 'T1140', 'T1185', 'T1112', 'T1555.003', 'T1497', 'T1041', 'T1547.001', 'T1056.002', 'T1027', 'T1573', 'T1518.001', 'T1071.001']

MISP event uuid: ddaa6a5b-b336-4e40-bd89-a509c2d2a561

📃Title: Inside a phishing panel
📅Date: 2026-05-07
🔗References:
https://pushsecurity.com/blog/inside-criminal-phishing-panel

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="infra-profile"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

MISP event uuid: 6a96a11f-279c-4a64-aef7-4be5b9f681a9

📃Title: Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
📅Date: 2026-04-29
🔗References:
https://www.darktrace.com/blog/darktrace-malware-analysis-jenkins-honeypot-reveals-emerging-botnet-targeting-online-games

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1498.001', 'T1059.007', 'T1036.005', 'T1489', 'T1498.002', 'T1190', 'T1036', 'T1562.004', 'T1036.004', 'T1059.004', 'T1204.003', 'T1571', 'T1027', 'T1095', 'T1070.004', 'T1071.001', 'T1543.002', 'T1105']

MISP event uuid: 05b20c75-5ab1-49a2-9982-73d1a399edd9