Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
@rectifyq
172 subscribers
2 files
1.92K links
rectifyq.com
Rectifyq Cybersecurity News with approximate relevancy to Malaysia and contextualized using MISP Galaxies.

Relevancy
πŸ”΄- e.g. APT target πŸ‡²πŸ‡Ύ.
🟑- e.g. APT target Asian country.
πŸ”΅- e.g. Infostealers impact globally.
⚫- Good to know only.
Download Telegram
About
Blog
Apps
Platform
Join
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
172 subscribers
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
πŸ“…Date: 2026-05-11
πŸ”—References:
https://www.trendmicro.com/en_us/research/26/e/vibe-hacking-two-ai-augmented-campaigns-target-government-and-financial-sectors-in-latin-america.html

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="from-original-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ topic="ai"
β€’ TA-category="APT"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Trend Micro"
β€’ target-information="Brazil"
β€’ target-information="Mexico"
β€’ sector="Finance"
β€’ sector="Government, Administration"
mitre-attack-pattern=['T1087', 'T1071', 'T1588.007', 'T1020', 'T1059', 'T1552.001', 'T1213', 'T1482', 'T1041', 'T1190', 'T1203', 'T1068', 'T1210', 'T1187', 'T1590', 'T1654', 'T1036', 'T1046', 'T1003', 'T1110.003', 'T1057', 'T1572', 'T1090', 'T1018', 'T1021.004', 'T1053', 'T1082', 'T1595', 'T1136.002', 'T1484.001', 'T1136.001', 'T1550.002', 'T1021.002']

MISP event uuid: 4bd6144b-8063-4593-be7f-804bc865ebf9
Trend Micro
Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
TrendAIβ„’ Research has identified two emerging threat campaignsβ€”SHADOW-AETHER-040 and SHADOW-AETHER-064β€”that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we…
6 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
πŸ“…Date: 2026-05-11
πŸ”—References:
https://thedfirreport.com/2026/05/11/flash-alert-etherrat-and-tuktuk-c2-end-in-the-gentleman-ransomware/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="intrusion-analysis"
β€’ TA-category="Ransomware"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="The DFIR Report"
β€’ malpedia="EtherRAT"
β€’ ransomware="the gentlemen"
mitre-attack-pattern=['T1069', 'T1082', 'T1218.007', 'T1567', 'T1219', 'T1055', 'T1021.002', 'T1070.001', 'T1003.001', 'T1087', 'T1482', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1027', 'T1486', 'T1059.003', 'T1018', 'T1021.001', 'T1003.003', 'T1558.003', 'T1490']

MISP event uuid: c9a7d245-784e-435c-8a24-809ff55ecb70
The DFIR Report
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware - The DFIR Report
In April, we observed an intrusion linked to the Atos-reported campaign where an EtherRAT was installed via a malicious MSI masquerading as a Sysinternals tool. Later in the intrusion, we observed the deployment of a new malware framework named TukTuk, first…
9 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
πŸ“…Date: 2026-05-07
πŸ”—References:
https://www.levelblue.com/blogs/spiderlabs-blog/unmasking-a-multi-stage-loader-autoit-abuse-leading-to-vidar-stealer-command-and-control-communication

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="from-original-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="intrusion-analysis"
β€’ target="targeted"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ malpedia="Vidar"
β€’ malpedia="Zebrocy (AutoIT)"
mitre-attack-pattern=['T1489', 'T1204.002', 'T1082', 'T1071', 'T1140', 'T1036', 'T1055', 'T1218', 'T1059', 'T1083', 'T1497', 'T1057', 'T1041', 'T1562.001', 'T1027', 'T1573', 'T1059.003', 'T1070.004', 'T1071.001', 'T1105']

MISP event uuid: 1a9ab7c4-5788-46dd-b491-c8faf4fe0781
Levelblue
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
In this Threat Analysis report, we investigate a multi-stage malware execution chain identified through proactive threat hunting activities within a client environment.
11 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Website installer incident (May 2026)
πŸ“…Date: 2026-05-11
πŸ”—References:
https://jdownloader.org/incident_8.5.2026.html?v=20260508277000

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="intrusion-analysis"
β€’ topic="supply-chain"
β€’ target="targeted"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
mitre-attack-pattern=['T1036.005', 'T1204.002', 'T1608.001', 'T1195', 'T1036', 'T1505.003', 'T1059', 'T1608', 'T1204', 'T1554', 'T1566', 'T1059.004', 'T1078', 'T1027', 'T1486', 'T1195.002', 'T1505', 'T1485', 'T1189', 'T1490']

MISP event uuid: 60647f90-8d16-4246-8004-22427c2e3a19
jdownloader.org
JDownloader β€” Website installer incident (May 2026)
Self-contained information on jdownloader.org about the May 2026 incident affecting some installer downloads: timeline, scope, and how to check your system.
14 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
πŸ“…Date: 2026-04-30
πŸ”—References:
https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ topic="ai"
β€’ topic="supply-chain"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ malpedia="AMOS"
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1082', 'T1106', 'T1140', 'T1036', 'T1055', 'T1112', 'T1497', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1562.001', 'T1055.012', 'T1027', 'T1573', 'T1070.004', 'T1071.001', 'T1564.001']

MISP event uuid: d687c053-f835-4b54-b42e-236245f54439
Acronis
Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
Acronis TRU uncovered active abuse of AI platforms like Hugging Face and ClawHub for malware delivery, where attackers exploit trust in AI ecosystems and agents, and potentially trigger further malicious actions through AI-driven workflows.
14 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign
πŸ“…Date: 2026-05-12
πŸ”—References:
https://www.security.com/threat-intelligence/iran-seedworm-electronics

πŸ”–Rectifyq Taxonomies:
Relevancy: 🟑 Somewhat Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ TA-category="APT"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Symantec"
β€’ target-information="Argentina"
β€’ target-information="Bahrain"
β€’ target-information="Brazil"
β€’ target-information="Chile"
β€’ target-information="Colombia"
β€’ target-information="Indonesia"
β€’ target-information="Kuwait"
β€’ target-information="Malaysia"
β€’ target-information="Mexico"
β€’ target-information="Oman"
β€’ target-information="Philippines"
β€’ target-information="Qatar"
β€’ target-information="Saudi Arabia"
β€’ target-information="Singapore"
β€’ target-information="Thailand"
β€’ target-information="United Arab Emirates"
β€’ country="iran"
β€’ target-information="South Korea"
β€’ threat-actor="MuddyWater"
β€’ sector="Education"
β€’ sector="Electronic"
β€’ sector="Finance"
β€’ sector="Industrial"
β€’ sector="Manufacturing"
β€’ region="035 - South-eastern Asia"
mitre-attack-pattern=['T1113', 'T1033', 'T1003.002', 'T1087.002', 'T1087.001', 'T1135', 'T1082', 'T1003.001', 'T1016', 'T1049', 'T1552.001', 'T1041', 'T1059.001', 'T1547.001', 'T1078', 'T1068', 'T1567.002', 'T1518.001', 'T1543.001', 'T1059.003', 'T1071.001', 'T1574.002', 'T1055.001', 'T1090.001']

MISP event uuid: d2f29648-4ca4-4b5d-82e6-43bdb7cb4c34
Security
Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign
Iran-linked threat actor abused signed Fortemedia and SentinelOne binaries for DLL sideloading and exfiltrated data through a public file-transfer service.
15 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: TanStack npm Packages Compromised in Ongoing Supply-Chain Attack
πŸ“…Date: 2026-05-11
πŸ”—References:
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ topic="supply-chain"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ malpedia="Shai-Hulud"
mitre-attack-pattern=['T1059.007', 'T1552.005', 'T1036.005', 'T1543.003', 'T1574.006', 'T1552.001', 'T1528', 'T1098.001', 'T1087.004', 'T1136.003', 'T1204.003', 'T1195.002', 'T1573.002', 'T1071.001', 'T1105', 'T1550.001', 'T1078.004', 'T1552.007']

MISP event uuid: 6f0fb181-17f2-47c8-b4ce-24d302f8d931
Socket
TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud...
Socket detected 84 compromised TanStack npm package artifacts modified with suspected CI credential-stealing malware.
10 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: LBIOC-20260071 - The Gentlemens Leak
πŸ“…Date: 2026-05-13
πŸ”—References:
https://radar.offseq.com/threat/lbioc-20260071-the-gentlemens-leak-c18cd0f4

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="TA-profile"
β€’ sub-category="campaign-analysis"
β€’ TA-category="Ransomware"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ ransomware="the gentlemen"
mitre-attack-pattern=['T1071', 'T1059', 'T1486', 'T1573', 'T1083', 'T1105', 'T1490', 'T1027', 'T1057', 'T1090', 'T1018', 'T1489', 'T1082', 'T1016', 'T1049', 'T1569', 'T1529', 'T1204', 'T1497', 'T1047']

MISP event uuid: 7deedbeb-d693-43a5-a067-afbaf9b06834
OffSeq Threat Radar
LBIOC-20260071 - The Gentlemens Leak - Live Threat Intelligence - Threat Radar | OffSeq.com
Detailed information about LBIOC-20260071 - The Gentlemens Leak. Get real-time updates, technical details, and mitigation strategies.
13 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign
πŸ“…Date: 2026-05-13
πŸ”—References:
https://www.genians.co.kr/en/blog/threat_intelligence/python?hsCtaAttrib=343278473915

πŸ”–Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ topic="ai"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
mitre-attack-pattern=['T1059.006', 'T1566']

MISP event uuid: faffe042-8de6-4d2b-8e2b-960e0afc09c7
www.genians.co.kr
Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign
A suspected APT37-linked threat campaign has been identified, combining batch file obfuscation techniques with Compiled Python-based malware.
13 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: ClickFix Evolves with PySoxy Proxying
πŸ“…Date: 2026-05-12
πŸ”—References:
https://reliaquest.com/blog/threat-spotlight-clickfix-evolves-with-pysoxy-proxying

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="intrusion-analysis"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1033', 'T1074.001', 'T1087.002', 'T1204.002', 'T1573.001', 'T1069.002', 'T1135', 'T1140', 'T1090', 'T1482', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.006', 'T1070.004', 'T1071.001', 'T1018', 'T1105']

MISP event uuid: 1af217fa-683f-4945-a924-640716449a80
ReliaQuest
ClickFix Evolves with PySoxy Proxying | ReliaQuest Threat Research
ClickFix just got more dangerous. Discover how one pasted command creates persistent, redundant accessβ€”and how to detect it before the damage spreads.
16 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Thus Spoke…The Gentlemen
πŸ“…Date: 2026-05-13
πŸ”—References:
https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="TA-profile"
β€’ TA-category="Ransomware"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Check Point"
β€’ target-information="United Kingdom"
β€’ ransomware="the gentlemen"
mitre-attack-pattern=['T1003', 'T1133', 'T1489', 'T1562', 'T1190', 'T1219', 'T1550', 'T1560', 'T1021', 'T1070', 'T1083', 'T1049', 'T1210', 'T1048', 'T1566', 'T1078', 'T1068', 'T1486', 'T1018', 'T1490']

MISP event uuid: 60c42d6c-2f80-48b1-bb63-f22d18770621
Check Point Research
Thus Spoke…The Gentlemen - Check Point Research
Key Points Introduction The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting…
16 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Disclosing new PebbleDash-based tools
πŸ“…Date: 2026-05-14
πŸ”—References:
https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ TA-category="APT"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Kaspersky"
β€’ threat-actor="Kimsuky"
β€’ target-information="Brazil"
β€’ target-information="Germany"
β€’ target-information="South Korea"
β€’ sector="Defense"
β€’ sector="Government, Administration"
β€’ malpedia="Appleseed"
β€’ malpedia="PEBBLEDASH"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1132.001', 'T1056.001', 'T1204.002', 'T1573.001', 'T1543.003', 'T1566.001', 'T1005', 'T1140', 'T1219', 'T1055', 'T1112', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.003', 'T1071.001', 'T1090.001']

MISP event uuid: 0d8d2f88-341b-4ee7-ae73-5113a3f9d3db
31 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Device Code Phishing is an Evolution in Identity Takeover
πŸ“…Date: 2026-05-13
πŸ”—References:
https://www.proofpoint.com/us/blog/threat-insight/device-code-phishing-evolution-identity-takeover

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="campaign-analysis"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Proofpoint"
mitre-attack-pattern=['T1539', 'T1114', 'T1204.002', 'T1566.002', 'T1598.003', 'T1566.001', 'T1185', 'T1087', 'T1528', 'T1204', 'T1534', 'T1566', 'T1078', 'T1486', 'T1598', 'T1213', 'T1204.001', 'T1078.004', 'T1566.003']

MISP event uuid: 402e1b2f-0ec7-4c71-a016-c3cc30ff9204
Proofpoint
Device Code Phishing is an Evolution in Identity Takeover | Proofpoint US
Key Findings Device code phishing is exploding across the threat landscape, with new device code phishing tools emerging every week. The spike in device code phishing
21 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
πŸ“…Date: 2026-05-15
πŸ”—References:
https://unit42.paloaltonetworks.com/gremlin-stealer-evolution/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="malware-analysis"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ no-samples-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Palo Alto"
β€’ malpedia="Gremlin"
mitre-attack-pattern=['T1056.001', 'T1539', 'T1115', 'T1082', 'T1106', 'T1005', 'T1140', 'T1567', 'T1552', 'T1032', 'T1185', 'T1555.003', 'T1027.001', 'T1528', 'T1041', 'T1027', 'T1081', 'T1567.002', 'T1027.002', 'T1071.001']

MISP event uuid: 6cc3f205-3931-4e73-a46d-b5a657ab4949
Unit 42
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data.
22 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: Kazuar: Anatomy of a nation-state botnet
πŸ“…Date: 2026-05-14
πŸ”—References:
https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΅ Potentially Relevant
Category: βš” Threat
β€’ mitre-att&ck="none-from-src"
β€’ mitre-att&ck="from-OTX"
β€’ sub-category="malware-analysis"
β€’ TA-category="APT"
β€’ TA-category="State-Sponsored"
β€’ target="broad-based"
β€’ no-samples-in="MalwareBazaar"
β€’ samples-found-in="Tria.ge"
β€’ action-taken="VT-comment"

πŸ”–MISP Galaxies:
β€’ producer="Microsoft"
β€’ target-information="Ukraine"
β€’ malpedia="Kazuar"
β€’ threat-actor="Turla"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1114', 'T1074.001', 'T1082', 'T1071', 'T1005', 'T1055', 'T1071.003', 'T1090', 'T1059', 'T1083', 'T1497', 'T1102', 'T1057', 'T1041', 'T1562.001', 'T1027', 'T1114.002', 'T1573', 'T1095', 'T1132', 'T1027.002', 'T1071.001']

MISP event uuid: 5df6c3a9-4e93-4dc5-bc9f-d50b8ac31856
Microsoft News
Kazuar: Anatomy of a nation-state botnet
Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded from a relatively…
21 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: [Ransomware] Unconfirmed: PNS* Ins****** Bro**** Sdn Bhd
πŸ“…Date: 2026-05-17
πŸ”—References: https://www.ransomware.live/id/UE5TQiBJbnN1cmFuY2UgQnJva2VycyBTZG4gQmhkQHFpbGlu

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΄ Highly Relevant
Category: πŸ’₯ Data Breach
- TA-category="Ransomware"

πŸ”–MISP Galaxies:
- target-information="Malaysia"
- sector="Finance"
- ransomware="Qilin"
mitre-attack-pattern=[]

MISP event uuid: 1cfaf58b-285e-4477-bac1-1ab80f7da206
Ransomware.live
Victim: PNSB Insurance Brokers Sdn Bhd – qilin
Ransomware.live discovered on 2026-05-17 that PNSB Insurance Brokers Sdn Bhd has been claimed by Qilin ransomware group
32 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: [Ransomware] Unconfirmed: Int************ (+ Tsk************** + Ame******************** + Woo*************
πŸ“…Date: 2026-05-13
πŸ”—References: https://www.ransomware.live/id/SW50ZWNlbmcuY29tLm15ICgrIFRza3N5bmVyZ3kuY29tLm15ICsgQW1lbWFudWZhY3R1cmluZy5jb20ubXkgKyBXb29kbm92YS5jb20ubXkpQHBheWxvYWQ=

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΄ Highly Relevant
Category: πŸ’₯ Data Breach
- TA-category="Ransomware"

πŸ”–MISP Galaxies:
- target-information="Malaysia"
- sector="Manufacturing"
- ransomware="payload"
mitre-attack-pattern=[]

MISP event uuid: 8958fe77-93e2-4663-9b9f-1fddb1d6bed6
Ransomware.live
Victim: Inteceng.com.my (+ Tsksynergy.com.my + Amemanufacturing.com.my + Woodnova.com.my) – payload
Ransomware.live discovered on 2026-05-13 that Inteceng.com.my (+ Tsksynergy.com.my + Amemanufacturing.com.my + Woodnova.com.my) has been claimed by Payload ransomware group
46 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ pinned Β«πŸ“ƒTitle: [Ransomware] Unconfirmed: PNS* Ins****** Bro**** Sdn Bhd πŸ“…Date: 2026-05-17 πŸ”—References: https://www.ransomware.live/id/UE5TQiBJbnN1cmFuY2UgQnJva2VycyBTZG4gQmhkQHFpbGlu πŸ”–Rectifyq Taxonomies: Relevancy: πŸ”΄ Highly Relevant Category: πŸ’₯ Data Breach - TA…»
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ pinned Β«πŸ“ƒTitle: [Ransomware] Unconfirmed: Int************ (+ Tsk************** + Ame******************** + Woo************* πŸ“…Date: 2026-05-13 πŸ”—References: https://www.ransomware.live/id/SW50ZWNlbmcuY29tLm15ICgrIFRza3N5bmVyZ3kuY29tLm15ICsgQW1lbWFudWZhY3R1cmluZy5jb…»
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
πŸ“ƒTitle: [Ransomware] Unconfirmed: Maj*** Per******** Alo* Gaj**
πŸ“…Date: 2026-05-17
πŸ”—References: https://www.ransomware.live/id/TWFqbGlzIFBlcmJhbmRhcmFuIEFsb3IgR2FqYWhAcWlsaW4=

πŸ”–Rectifyq Taxonomies:
Relevancy: πŸ”΄ Highly Relevant
Category: πŸ’₯ Data Breach
- TA-category="Ransomware"

πŸ”–MISP Galaxies:
- target-information="Malaysia"
- sector="Public Sector"
- ransomware="Qilin"
mitre-attack-pattern=[]

MISP event uuid: c842284d-499a-41d9-82a5-631ed5a1f5ca
Ransomware.live
Victim: Majlis Perbandaran Alor Gajah – qilin
Ransomware.live discovered on 2026-05-17 that Majlis Perbandaran Alor Gajah has been claimed by Qilin ransomware group
46 views
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ
Rectifyq Cybersecurity News πŸ‡²πŸ‡Ύ pinned Β«πŸ“ƒTitle: [Ransomware] Unconfirmed: Maj*** Per******** Alo* Gaj** πŸ“…Date: 2026-05-17 πŸ”—References: https://www.ransomware.live/id/TWFqbGlzIFBlcmJhbmRhcmFuIEFsb3IgR2FqYWhAcWlsaW4= πŸ”–Rectifyq Taxonomies: Relevancy: πŸ”΄ Highly Relevant Category: πŸ’₯ Data Breach - TA…»