📃Title: Spring harvest - Leek Likho group's campaign to hunt for documents
📅Date: 2026-05-15
🔗References:
https://securelist.ru/tr/leek-likho-hunting-for-data-with-tor-and-llms/115601/

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• topic="ai"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Kaspersky"
• sector="Government, Administration"
• target-information="Belarus"
• target-information="Russia"
mitre-attack-pattern=['T1547', 'T1090', 'T1059']

MISP event uuid: 8483102e-5129-4460-b958-d38750a66fe4

📃Title: Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor
📅Date: 2026-05-14
🔗References:
https://www.darktrace.com/blog/chinese-apt-campaign-targets-entities-with-updated-fdmtp-backdoor

🔖Rectifyq Taxonomies:
Relevancy: 🟡 Somewhat Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• country="china"
• region="142 - Asia"
mitre-attack-pattern=['T1007', 'T1027', 'T1030', 'T1053', 'T1071', 'T1082', 'T1095', 'T1140', 'T1547', 'T1574', 'T1127', 'T1562', 'T1499', 'T1195', 'T1490', 'T1056', 'T1123', 'T1059', 'T1134', 'T1055', 'T1574.001', 'T1106', 'T1547.001', 'T1053.005']

MISP event uuid: 4583b718-a906-4818-8811-97ba5fae34a6

📃Title: Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware
📅Date: 2026-05-13
🔗References:
https://www.catonetworks.com/blog/cato-ctrl-suspected-china-linked-threat-actor-targets-global-manufacturer/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="targeted"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1005', 'T1036', 'T1041', 'T1055', 'T1057', 'T1059', 'T1071', 'T1082', 'T1083', 'T1090', 'T1102', 'T1105', 'T1106', 'T1113', 'T1129', 'T1547', 'T1548', 'T1548.002', 'T1070.004', 'T1090.001', 'T1036.008', 'T1571', 'T1620', 'T1547.001', 'T1071.001', 'T1059.003']

MISP event uuid: 2a009741-12ae-4be9-8bd5-9f1fb78483bf

📃Title: Vidar v1.5 in Go: same family, new language, heavy sandbox checks
📅Date: 2026-05-16
🔗References:
https://www.derp.ca/research/vidar-go-sandbox-dead-drop/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• malpedia="Vidar"
mitre-attack-pattern=['T1497']

MISP event uuid: 086035cf-56d1-42da-82a8-35dfa8c0e324

📃Title: FlowerStorm unleashes the KrakVM: PhaaS operators turn to VM-based obfuscation
📅Date: 2026-05-14
🔗References:
https://sublime.security/blog/flowerstorm-unleashes-the-krakvm-phaas-operators-turn-to-vm-based-obfuscation/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="tool-profile"
• sub-category="campaign-analysis"
• topic="mobile-attack"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1566']

MISP event uuid: 0e1d220e-d9da-4f25-ac9e-469b98eadcad

📃Title: macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain
📅Date: 2026-05-18
🔗References:
https://www.sentinelone.com/blog/shub-reaper-macos-stealer-spoofs-apple-google-and-microsoft-in-a-single-attack-chain/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="SentinelOne"
mitre-attack-pattern=['T1560.001', 'T1539', 'T1074.001', 'T1036.005', 'T1555.001', 'T1204.002', 'T1082', 'T1059.002', 'T1005', 'T1555.003', 'T1083', 'T1566', 'T1059.004', 'T1027', 'T1567.002', 'T1543.001', 'T1070.004', 'T1071.001', 'T1102.001']

MISP event uuid: 9f05b1a5-3943-44f0-9c7a-e5523c92663d

📃Title: Active Supply Chain Attack Compromises Packages on npm
📅Date: 2026-05-19
🔗References:
https://socket.dev/blog/antv-packages-compromised

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
• malpedia="Shai-Hulud"
mitre-attack-pattern=['T1059.007', 'T1552.005', 'T1573.001', 'T1106', 'T1219', 'T1552.004', 'T1552.001', 'T1567.001', 'T1059.004', 'T1027', 'T1195.002', 'T1070.004', 'T1071.001', 'T1543.002', 'T1105', 'T1078.004', 'T1552.007']

MISP event uuid: 05e5980c-095e-4789-a521-73f3eb7e7b31

📃Title: Copycat hits another npm package
📅Date: 2026-05-18
🔗References:
https://www.theregister.com/cyber-crime/2026/05/18/shai-hulud-copycat-hits-another-npm-package/5242180

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• malpedia="Shai-Hulud"
mitre-attack-pattern=['T1543', 'T1082', 'T1053', 'T1005', 'T1140', 'T1567', 'T1552.004', 'T1016', 'T1087', 'T1059', 'T1552.001', 'T1027', 'T1573', 'T1195.002', 'T1496', 'T1485', 'T1498', 'T1071.001', 'T1552.007']

MISP event uuid: e1975520-e8cf-4ff6-91ab-31ba2c8ec017

📃Title: Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor
📅Date: 2026-05-20
🔗References:
https://socket.dev/blog/popular-go-decimal-library-typosquat-dns-backdoor

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1071.004', 'T1583.001', 'T1572', 'T1059', 'T1568', 'T1195.002']

MISP event uuid: dc882c2c-c7f2-45d3-b3fb-29500dcf9b18

📃Title: Inside Banana RAT: From Build Server to Banking Fraud
📅Date: 2026-05-19
🔗References:
https://www.trendmicro.com/en_us/research/26/e/banana-rat.html

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Trend Micro"
• target-information="Brazil"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1036.005', 'T1204.002', 'T1573.001', 'T1115', 'T1082', 'T1140', 'T1055', 'T1185', 'T1112', 'T1083', 'T1041', 'T1059.001', 'T1566', 'T1001', 'T1027', 'T1071.001', 'T1564.001']

MISP event uuid: 0b84e4bb-274b-4d06-a180-f52c8b474e6d

📃Title: Latest PyPi Compromise
📅Date: 2026-05-19
🔗References:
https://www.wiz.io/blog/durabletask-teampcp-supply-chain-attack

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Wiz Blog"
mitre-attack-pattern=['T1195.001', 'T1555.005', 'T1106', 'T1005', 'T1555.003', 'T1552.004', 'T1083', 'T1552.001', 'T1552.006', 'T1087.004', 'T1547.001', 'T1078', 'T1027', 'T1195.002', 'T1573.002', 'T1570', 'T1059.006', 'T1071.001', 'T1021.001', 'T1552.007']

MISP event uuid: 1e57b118-ee0f-4afc-a1fb-2b6687f960df

📃Title: Exposing Fox Tempest: A malware-signing service operation
📅Date: 2026-05-19
🔗References:
https://www.microsoft.com/en-us/security/blog/2026/05/19/exposing-fox-tempest-a-malware-signing-service-operation/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="tool-profile"
• TA-category="Cybercrime"
• TA-category="Ransomware"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Microsoft"
• target-information="United States"
• target-information="British Indian Ocean Territory"
• target-information="China"
• target-information="France"
• target-information="India"
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1082', 'T1140', 'T1567', 'T1218', 'T1136.001', 'T1083', 'T1059.001', 'T1566', 'T1562.001', 'T1078', 'T1027', 'T1036.001', 'T1486', 'T1195.002', 'T1189', 'T1071.001', 'T1105', 'T1021.001']

MISP event uuid: 7d52bcc6-a889-4f8a-a841-d5ae3b3714c5

📃Title: 9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
📅Date: 2026-05-19
🔗References:
https://www.vulncheck.com/blog/cve-2017-9841

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💉 Vulnerability
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="critical-vuln"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1133', 'T1082', 'T1071', 'T1608.001', 'T1190', 'T1595.002', 'T1505.003', 'T1595', 'T1087', 'T1059', 'T1083', 'T1608', 'T1059.004', 'T1027', 'T1505', 'T1071.001', 'T1018', 'T1046', 'T1105']

MISP event uuid: aa2425c7-fd98-4e8e-84c7-d5a56208bbfe

📃Title: [Ransomware] Unconfirmed: Sha******** Met***
📅Date: 2026-05-29
🔗References: https://www.ransomware.live/id/U2hhbnBvb3JuYW0gTWV0YWxzQGxhbWFzaHR1

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
- TA-category="Ransomware"

🔖MISP Galaxies:
- target-information="Malaysia"
- sector="Manufacturing"
- ransomware="lamashtu"
mitre-attack-pattern=[]

MISP event uuid: f2f56dd8-e0fe-45c7-9e83-de9237df5602

📃Title: New burrowing techniques
📅Date: 2026-05-20
🔗References:
https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• sub-category="TA-profile"
• sub-category="campaign-analysis"
• target="broad-based"
• TA-category="APT"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="ESET"
• target-information="Belgium"
• target-information="Czech Republic"
• target-information="Hungary"
• target-information="Italy"
• target-information="Nigeria"
• target-information="Poland"
• target-information="Serbia"
• target-information="South Africa"
• target-information="Spain"
• threat-actor="Webworm"
• online-service="7347d685-8e08-4ed9-9f34-264e5e4b567a"
• online-service="3b16bb5a-eb4f-4603-a909-bebc5df4a46d"
mitre-attack-pattern=['T1550.001', 'T1573.002', 'T1102.002', 'T1078.004', 'T1021.007', 'T1005', 'T1027.013', 'T1041', 'T1567.002', 'T1090.002', 'T1070.004', 'T1090.001', 'T1074.001', 'T1112', 'T1090.003', 'T1547.001', 'T1074.002', 'T1053.005', 'T1583.004', 'T1132.001', 'T1070.006', 'T1608.002', 'T1583.003', 'T1588.006', 'T1595.002', 'T1071.001', 'T1584.006', 'T1059.003', 'T1595.003']

MISP event uuid: 55a58703-da62-4330-bd76-3189d2635e28

📃Title: PureLogs: Delivery via PawsRunner Steganography
📅Date: 2026-05-15
🔗References:
https://www.fortinet.com/blog/threat-research/purelogs-delivery-via-pawsrunner-steganography

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Fortinet"
• malpedia="PureLogs Stealer"
mitre-attack-pattern=[]

MISP event uuid: 3c80a5eb-e55b-46df-87f5-aa09ba9bb5d2

📃Title: The Worm That Keeps on Digging: Latest Wave
📅Date: 2026-05-19
🔗References:
https://www.wiz.io/blog/mini-shai-hulud-teampcp-hits-antv-supply-chain

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Wiz Blog"
• malpedia="Shai-Hulud"
• online-service="3b16bb5a-eb4f-4603-a909-bebc5df4a46d"
mitre-attack-pattern=['T1059.007', 'T1539', 'T1555.003', 'T1552.004', 'T1552.001', 'T1567.001', 'T1552.006', 'T1102.003', 'T1574.010', 'T1195.002', 'T1102.002', 'T1059.006', 'T1543.001', 'T1071.001', 'T1543.002', 'T1105', 'T1102.001']

MISP event uuid: a8121f4e-198f-47f3-a649-0b881e64d745

📃Title: Fresh mischief and digital shenanigans
📅Date: 2026-05-14
🔗References:
https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="ESET"
• target-information="Lithuania"
• target-information="Poland"
• target-information="Ukraine"
• threat-actor="FrostyNeighbor"
• region="151 - Eastern Europe"
• sector="Government, Administration"
• sector="Military"
• malpedia="Cobalt Strike"
• malpedia="PicassoLoader"
mitre-attack-pattern=['T1053.005', 'T1583', 'T1036.005', 'T1204.002', 'T1566.001', 'T1082', 'T1059', 'T1608', 'T1057', 'T1041', 'T1060', 'T1588.002', 'T1027', 'T1071.001', 'T1027.009']

MISP event uuid: 62c6b987-cf0c-4a4b-9c57-a5a107789688

📃Title: Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks
📅Date: 2026-05-21
🔗References:
https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• sub-category="critical-vuln"
• sub-category="campaign-analysis"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1218.011', 'T1132.001', 'T1059.007', 'T1140', 'T1190', 'T1583.001', 'T1055', 'T1102', 'T1583.006', 'T1204', 'T1059.001', 'T1212', 'T1547.001', 'T1566', 'T1027', 'T1573', 'T1059.003', 'T1071.001', 'T1105']

MISP event uuid: 63a2d681-adb1-4ca3-a1ae-f2d332ea8de5

📃Title: SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer
📅Date: 2026-05-21
🔗References:
https://blog.eclecticiq.com/seo-poisoning-campaign-leverages-gemini-and-claude-code-impersonation-to-deliver-infostealer

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="EclecticIQ"
• target-information="United States"
• target-information="United Kingdom"
mitre-attack-pattern=['T1552.001', 'T1555.003', 'T1552.002', 'T1005', 'T1140', 'T1562.001', 'T1189', 'T1573', 'T1041', 'T1083', 'T1562.006', 'T1105', 'T1204.002', 'T1204.001', 'T1027', 'T1059.001', 'T1057', 'T1608.006', 'T1539', 'T1218', 'T1497.001', 'T1071.001', 'T1555.004']

MISP event uuid: 6c37649e-5ce2-4c1b-8fb0-c90e251a93a2