📃Title: Inside a phishing panel
📅Date: 2026-05-07
🔗References:
https://pushsecurity.com/blog/inside-criminal-phishing-panel

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="infra-profile"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

MISP event uuid: 6a96a11f-279c-4a64-aef7-4be5b9f681a9

📃Title: Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
📅Date: 2026-04-29
🔗References:
https://www.darktrace.com/blog/darktrace-malware-analysis-jenkins-honeypot-reveals-emerging-botnet-targeting-online-games

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1498.001', 'T1059.007', 'T1036.005', 'T1489', 'T1498.002', 'T1190', 'T1036', 'T1562.004', 'T1036.004', 'T1059.004', 'T1204.003', 'T1571', 'T1027', 'T1095', 'T1070.004', 'T1071.001', 'T1543.002', 'T1105']

MISP event uuid: 05b20c75-5ab1-49a2-9982-73d1a399edd9

📃Title: Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
📅Date: 2026-05-11
🔗References:
https://www.trendmicro.com/en_us/research/26/e/vibe-hacking-two-ai-augmented-campaigns-target-government-and-financial-sectors-in-latin-america.html

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Trend Micro"
• target-information="Brazil"
• target-information="Mexico"
• sector="Finance"
• sector="Government, Administration"
mitre-attack-pattern=['T1087', 'T1071', 'T1588.007', 'T1020', 'T1059', 'T1552.001', 'T1213', 'T1482', 'T1041', 'T1190', 'T1203', 'T1068', 'T1210', 'T1187', 'T1590', 'T1654', 'T1036', 'T1046', 'T1003', 'T1110.003', 'T1057', 'T1572', 'T1090', 'T1018', 'T1021.004', 'T1053', 'T1082', 'T1595', 'T1136.002', 'T1484.001', 'T1136.001', 'T1550.002', 'T1021.002']

MISP event uuid: 4bd6144b-8063-4593-be7f-804bc865ebf9

📃Title: Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
📅Date: 2026-05-11
🔗References:
https://thedfirreport.com/2026/05/11/flash-alert-etherrat-and-tuktuk-c2-end-in-the-gentleman-ransomware/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• TA-category="Ransomware"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="The DFIR Report"
• malpedia="EtherRAT"
• ransomware="the gentlemen"
mitre-attack-pattern=['T1069', 'T1082', 'T1218.007', 'T1567', 'T1219', 'T1055', 'T1021.002', 'T1070.001', 'T1003.001', 'T1087', 'T1482', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1027', 'T1486', 'T1059.003', 'T1018', 'T1021.001', 'T1003.003', 'T1558.003', 'T1490']

MISP event uuid: c9a7d245-784e-435c-8a24-809ff55ecb70

📃Title: Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
📅Date: 2026-05-07
🔗References:
https://www.levelblue.com/blogs/spiderlabs-blog/unmasking-a-multi-stage-loader-autoit-abuse-leading-to-vidar-stealer-command-and-control-communication

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="targeted"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• malpedia="Vidar"
• malpedia="Zebrocy (AutoIT)"
mitre-attack-pattern=['T1489', 'T1204.002', 'T1082', 'T1071', 'T1140', 'T1036', 'T1055', 'T1218', 'T1059', 'T1083', 'T1497', 'T1057', 'T1041', 'T1562.001', 'T1027', 'T1573', 'T1059.003', 'T1070.004', 'T1071.001', 'T1105']

MISP event uuid: 1a9ab7c4-5788-46dd-b491-c8faf4fe0781

📃Title: Website installer incident (May 2026)
📅Date: 2026-05-11
🔗References:
https://jdownloader.org/incident_8.5.2026.html?v=20260508277000

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• topic="supply-chain"
• target="targeted"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1036.005', 'T1204.002', 'T1608.001', 'T1195', 'T1036', 'T1505.003', 'T1059', 'T1608', 'T1204', 'T1554', 'T1566', 'T1059.004', 'T1078', 'T1027', 'T1486', 'T1195.002', 'T1505', 'T1485', 'T1189', 'T1490']

MISP event uuid: 60647f90-8d16-4246-8004-22427c2e3a19

📃Title: Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
📅Date: 2026-04-30
🔗References:
https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• malpedia="AMOS"
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1082', 'T1106', 'T1140', 'T1036', 'T1055', 'T1112', 'T1497', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1562.001', 'T1055.012', 'T1027', 'T1573', 'T1070.004', 'T1071.001', 'T1564.001']

MISP event uuid: d687c053-f835-4b54-b42e-236245f54439

📃Title: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign
📅Date: 2026-05-12
🔗References:
https://www.security.com/threat-intelligence/iran-seedworm-electronics

🔖Rectifyq Taxonomies:
Relevancy: 🟡 Somewhat Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Symantec"
• target-information="Argentina"
• target-information="Bahrain"
• target-information="Brazil"
• target-information="Chile"
• target-information="Colombia"
• target-information="Indonesia"
• target-information="Kuwait"
• target-information="Malaysia"
• target-information="Mexico"
• target-information="Oman"
• target-information="Philippines"
• target-information="Qatar"
• target-information="Saudi Arabia"
• target-information="Singapore"
• target-information="Thailand"
• target-information="United Arab Emirates"
• country="iran"
• target-information="South Korea"
• threat-actor="MuddyWater"
• sector="Education"
• sector="Electronic"
• sector="Finance"
• sector="Industrial"
• sector="Manufacturing"
• region="035 - South-eastern Asia"
mitre-attack-pattern=['T1113', 'T1033', 'T1003.002', 'T1087.002', 'T1087.001', 'T1135', 'T1082', 'T1003.001', 'T1016', 'T1049', 'T1552.001', 'T1041', 'T1059.001', 'T1547.001', 'T1078', 'T1068', 'T1567.002', 'T1518.001', 'T1543.001', 'T1059.003', 'T1071.001', 'T1574.002', 'T1055.001', 'T1090.001']

MISP event uuid: d2f29648-4ca4-4b5d-82e6-43bdb7cb4c34

📃Title: TanStack npm Packages Compromised in Ongoing Supply-Chain Attack
📅Date: 2026-05-11
🔗References:
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• malpedia="Shai-Hulud"
mitre-attack-pattern=['T1059.007', 'T1552.005', 'T1036.005', 'T1543.003', 'T1574.006', 'T1552.001', 'T1528', 'T1098.001', 'T1087.004', 'T1136.003', 'T1204.003', 'T1195.002', 'T1573.002', 'T1071.001', 'T1105', 'T1550.001', 'T1078.004', 'T1552.007']

MISP event uuid: 6f0fb181-17f2-47c8-b4ce-24d302f8d931

📃Title: LBIOC-20260071 - The Gentlemens Leak
📅Date: 2026-05-13
🔗References:
https://radar.offseq.com/threat/lbioc-20260071-the-gentlemens-leak-c18cd0f4

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• sub-category="campaign-analysis"
• TA-category="Ransomware"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• ransomware="the gentlemen"
mitre-attack-pattern=['T1071', 'T1059', 'T1486', 'T1573', 'T1083', 'T1105', 'T1490', 'T1027', 'T1057', 'T1090', 'T1018', 'T1489', 'T1082', 'T1016', 'T1049', 'T1569', 'T1529', 'T1204', 'T1497', 'T1047']

MISP event uuid: 7deedbeb-d693-43a5-a067-afbaf9b06834

📃Title: Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign
📅Date: 2026-05-13
🔗References:
https://www.genians.co.kr/en/blog/threat_intelligence/python?hsCtaAttrib=343278473915

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1059.006', 'T1566']

MISP event uuid: faffe042-8de6-4d2b-8e2b-960e0afc09c7

📃Title: ClickFix Evolves with PySoxy Proxying
📅Date: 2026-05-12
🔗References:
https://reliaquest.com/blog/threat-spotlight-clickfix-evolves-with-pysoxy-proxying

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1033', 'T1074.001', 'T1087.002', 'T1204.002', 'T1573.001', 'T1069.002', 'T1135', 'T1140', 'T1090', 'T1482', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.006', 'T1070.004', 'T1071.001', 'T1018', 'T1105']

MISP event uuid: 1af217fa-683f-4945-a924-640716449a80

📃Title: Thus Spoke…The Gentlemen
📅Date: 2026-05-13
🔗References:
https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• TA-category="Ransomware"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Check Point"
• target-information="United Kingdom"
• ransomware="the gentlemen"
mitre-attack-pattern=['T1003', 'T1133', 'T1489', 'T1562', 'T1190', 'T1219', 'T1550', 'T1560', 'T1021', 'T1070', 'T1083', 'T1049', 'T1210', 'T1048', 'T1566', 'T1078', 'T1068', 'T1486', 'T1018', 'T1490']

MISP event uuid: 60c42d6c-2f80-48b1-bb63-f22d18770621

📃Title: Disclosing new PebbleDash-based tools
📅Date: 2026-05-14
🔗References:
https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Kaspersky"
• threat-actor="Kimsuky"
• target-information="Brazil"
• target-information="Germany"
• target-information="South Korea"
• sector="Defense"
• sector="Government, Administration"
• malpedia="Appleseed"
• malpedia="PEBBLEDASH"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1132.001', 'T1056.001', 'T1204.002', 'T1573.001', 'T1543.003', 'T1566.001', 'T1005', 'T1140', 'T1219', 'T1055', 'T1112', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.003', 'T1071.001', 'T1090.001']

MISP event uuid: 0d8d2f88-341b-4ee7-ae73-5113a3f9d3db

📃Title: Device Code Phishing is an Evolution in Identity Takeover
📅Date: 2026-05-13
🔗References:
https://www.proofpoint.com/us/blog/threat-insight/device-code-phishing-evolution-identity-takeover

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Proofpoint"
mitre-attack-pattern=['T1539', 'T1114', 'T1204.002', 'T1566.002', 'T1598.003', 'T1566.001', 'T1185', 'T1087', 'T1528', 'T1204', 'T1534', 'T1566', 'T1078', 'T1486', 'T1598', 'T1213', 'T1204.001', 'T1078.004', 'T1566.003']

MISP event uuid: 402e1b2f-0ec7-4c71-a016-c3cc30ff9204

📃Title: Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
📅Date: 2026-05-15
🔗References:
https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Palo Alto"
• malpedia="Gremlin"
mitre-attack-pattern=['T1056.001', 'T1539', 'T1115', 'T1082', 'T1106', 'T1005', 'T1140', 'T1567', 'T1552', 'T1032', 'T1185', 'T1555.003', 'T1027.001', 'T1528', 'T1041', 'T1027', 'T1081', 'T1567.002', 'T1027.002', 'T1071.001']

MISP event uuid: 6cc3f205-3931-4e73-a46d-b5a657ab4949

📃Title: Kazuar: Anatomy of a nation-state botnet
📅Date: 2026-05-14
🔗References:
https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• TA-category="APT"
• TA-category="State-Sponsored"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Microsoft"
• target-information="Ukraine"
• malpedia="Kazuar"
• threat-actor="Turla"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1114', 'T1074.001', 'T1082', 'T1071', 'T1005', 'T1055', 'T1071.003', 'T1090', 'T1059', 'T1083', 'T1497', 'T1102', 'T1057', 'T1041', 'T1562.001', 'T1027', 'T1114.002', 'T1573', 'T1095', 'T1132', 'T1027.002', 'T1071.001']

MISP event uuid: 5df6c3a9-4e93-4dc5-bc9f-d50b8ac31856

📃Title: [Ransomware] Unconfirmed: PNS* Ins****** Bro**** Sdn Bhd
📅Date: 2026-05-17
🔗References: https://www.ransomware.live/id/UE5TQiBJbnN1cmFuY2UgQnJva2VycyBTZG4gQmhkQHFpbGlu

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
- TA-category="Ransomware"

🔖MISP Galaxies:
- target-information="Malaysia"
- sector="Finance"
- ransomware="Qilin"
mitre-attack-pattern=[]

MISP event uuid: 1cfaf58b-285e-4477-bac1-1ab80f7da206

📃Title: [Ransomware] Unconfirmed: Int************ (+ Tsk************** + Ame******************** + Woo*************
📅Date: 2026-05-13
🔗References: https://www.ransomware.live/id/SW50ZWNlbmcuY29tLm15ICgrIFRza3N5bmVyZ3kuY29tLm15ICsgQW1lbWFudWZhY3R1cmluZy5jb20ubXkgKyBXb29kbm92YS5jb20ubXkpQHBheWxvYWQ=

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
- TA-category="Ransomware"

🔖MISP Galaxies:
- target-information="Malaysia"
- sector="Manufacturing"
- ransomware="payload"
mitre-attack-pattern=[]

MISP event uuid: 8958fe77-93e2-4663-9b9f-1fddb1d6bed6