Title: Fighting Spyware: An Update
Date: 2026-06-08
References:
https://about.fb.com/news/2026/06/fighting-spyware-an-update-from-whatsapp/
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• surveillance-vendor="NSO group"
mitre-attack-pattern=[]
MISP event uuid: 6268df24-e703-42f7-a6af-8313400d290f
Meta Newsroom
Fighting Spyware: An Update From WhatsApp
WhatsApp caught and disrupted spear phishing attempts linked to NSO, a spyware firm blacklisted by the US government.
Title: Phishing Attacks Leverage TikTok, Instagram Reels
Date: 2026-06-09
References:
https://www.reversinglabs.com/blog/social-media-attacks-phishing
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
MISP event uuid: 2f8fa130-d7a4-4f88-ab56-c30a49a24645
ReversingLabs
Social Media Attacks Target One Tutorial at a Time | RL Blog
ReversingLabs has discovered two phishing techniques on TikTok and Instagram leveraging short-form videos. Here's how they work.
Title: Technical Analysis of MLTBackdoor
Date: 2026-06-09
References:
https://www.zscaler.com/blogs/security-research/technical-analysis-mltbackdoor
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Zscaler"
mitre-attack-pattern=['T1497.001', 'T1082', 'T1106', 'T1005', 'T1140', 'T1055', 'T1497.003', 'T1090', 'T1083', 'T1041', 'T1027', 'T1573.002', 'T1518.001', 'T1059.003', 'T1027.002', 'T1071.001', 'T1105', 'T1564.004', 'T1055.001']
MISP event uuid: 1e7ef089-c72a-4013-a7ea-a5b3e9c56c8c
Zscaler
Technical Analysis of MLTBackdoor | ThreatLabz
MLTBackdoor is a new malware family that provides post-exploitation capabilities on demand and is likely used by an initial access broker for ransomware attacks.
Title: From Fake Amazon Security Alert to HarborWatch Agent: ClickFix Delivery of a Custom Monitoring RAT
Date: 2026-06-08
References:
https://cofense.com/blog/from-fake-amazon-security-alert-to-harborwatch-agent-clickfix-delivery-of-a-custom-monitoring-rat
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Cofense"
mitre-attack-pattern=['T1053.005', 'T1132.001', 'T1036.005', 'T1566.002', 'T1082', 'T1005', 'T1140', 'T1497.003', 'T1083', 'T1036.004', 'T1057', 'T1041', 'T1059.001', 'T1204.003', 'T1027', 'T1573', 'T1564.003', 'T1071.001', 'T1018', 'T1204.001']
MISP event uuid: 59c95ca0-4902-4443-be40-3629edf6d854
Cofense
From Fake Amazon Security Alert to HarborWatch Agent: ClickFix Delivery of a Custom Monitoring RAT
The Cofense Phishing Defense Center has identified an Amazon-themed malware delivery campaign that abuses the ClickFix self-infection technique to deliver a custom monitoring RAT known as HarborWatch Agent. This campaign highlights a growing trend in the…
Title: Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751)
Date: 2026-06-08
References:
https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Vulnerability
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="critical-vuln"
• target="broad-based"
• TA-category="Ransomware"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Check Point"
• target-information="Taiwan"
• ransomware="Qilin"
mitre-attack-pattern=['T1133', 'T1190', 'T1021', 'T1589.002', 'T1583.003', 'T1090.003', 'T1078', 'T1486', 'T1573', 'T1071.001', 'T1584.004']
MISP event uuid: a362920c-5c4c-41c8-a8ee-358d61175368
Check Point Blog
Patch Critical Check Point VPN Vulnerability (CVE-2026-50751) - Check Point Blog
Check Point issues an urgent hotfix for CVE-2026-50751, a critical IKEv1 VPN authentication bypass vulnerability under active exploitation.
Title: From Malspam to Fileless .NET Loader
Date: 2026-06-03
References:
https://www.huntress.com/blog/malspam-to-loader-delivery-chain-analysis
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="targeted"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Huntress"
mitre-attack-pattern=['T1053.005', 'T1204.002', 'T1573.001', 'T1497.001', 'T1218.004', 'T1566.001', 'T1082', 'T1140', 'T1497.003', 'T1218.003', 'T1112', 'T1562.006', 'T1059.001', 'T1547.001', 'T1562.001', 'T1055.012', 'T1027', 'T1070.004', 'T1071.001', 'T1059.005']
MISP event uuid: 10570b78-9ce0-4a79-a52d-7da02fd487ca
Huntress
Inside .NET Loader Analysis: From Malspam to In-Memory Loader | Huntress
A malspam campaign abusing Google's DoubleClick delivers the loader through a five-stage chain that evades detection and blinds Windows telemetry before persisting
Title: SilabRAT, What's Your Power?
Date: 2026-06-10
References:
https://www.group-ib.com/blog/silabrat-hijackloader-trojan-malware/
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Group-IB"
• malpedia="SnappyClient"
mitre-attack-pattern=['T1548', 'T1134', 'T1087', 'T1071', 'T1560', 'T1547', 'T1217', 'T1185', 'T1115', 'T1059', 'T1555', 'T1001', 'T1114', 'T1480', 'T1041', 'T1083', 'T1657', 'T1562', 'T1056', 'T1571', 'T1027', 'T1057', 'T1021', 'T1053', 'T1113', 'T1518', 'T1539', 'T1218', 'T1082', 'T1552', 'T1204', 'T1497', 'T1047']
MISP event uuid: 447672a5-3ae6-43ed-a720-ef117e9eda12
Group-IB
SilabRAT, What's Your Power?
SilabRAT (aka SnappyClient) is an advanced Remote Access Trojan (RAT) sold as a Malware-as-a-Service (MaaS) on Darkweb forums. Developed by the threat actor "o1oo1," SilabRAT is heavily focused on financial gain through credential theft. It offers stability…
Title: Ransomware Analysis: Go Binary and Fast Encryption
Date: 2026-06-09
References:
https://darkatlas.io/blog/how-a-go-binary-locks-down-enterprise-networks-in-minutes-the-story-behind-gentlemen-ransomware
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• sub-category="malware-analysis"
• TA-category="Ransomware"
• target="broad-based"
• detection-rules="yara-from-src"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• target-information="United States"
• target-information="Brazil"
• target-information="Germany"
• target-information="United Kingdom"
• ransomware="the gentlemen"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1003', 'T1489', 'T1069.002', 'T1135', 'T1082', 'T1070.003', 'T1140', 'T1021.002', 'T1021.006', 'T1070.001', 'T1083', 'T1059.001', 'T1547.001', 'T1562.001', 'T1027', 'T1486', 'T1018', 'T1490']
MISP event uuid: c92fa0fa-d0dc-4c67-b387-52edb9b647d7
Title: PHISH ALERT: Press Play for Compromise - Voicemail Phishing Kit Bundles SSO Hijacking, Credential Theft, and RMM Delivery
Date: 2026-06-09
References:
https://x.com/Kb4Threatlabs/status/2064374959989043207
Rectifyq Taxonomies:
Relevancy: Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
mitre-attack-pattern=['T1132.001', 'T1539', 'T1036.005', 'T1566.002', 'T1598.003', 'T1566.001', 'T1608.001', 'T1219', 'T1583.001', 'T1185', 'T1056.003', 'T1528', 'T1598.002', 'T1566', 'T1027', 'T1102.002', 'T1071.001', 'T1584.004', 'T1204.001', 'T1550.001']
MISP event uuid: 4a9ac54f-35f0-4d1a-a3b2-3ce5b9329fc0
X (formerly Twitter)
KB4ThreatLabs (@Kb4Threatlabs) on X
PHISH ALERT: Press Play for Compromise - Voicemail Phishing Kit Bundles SSO Hijacking, Credential Theft, and RMM Delivery
KnowBe4 ThreatLabs is tracking an advanced voicemail-themed campaign utilizing local HTML attachments to hijack Microsoft 365 sessions…
Title: China-Linked Fake Consulting Sites Targeting US Clearance Holders Seized
Date: 2026-06-10
References:
https://hackread.com/fbi-seizes-china-fake-consulting-sites-us-clearance/
Rectifyq Taxonomies:
Relevancy: Not Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• target-information="United States"
• country="china"
mitre-attack-pattern=[]
MISP event uuid: 5161867f-df57-43a4-9e41-d2cf2b309ad4
Hackread
FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders
The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information.
Title: [Ransomware] Unconfirmed: Ked**
Date: 2026-06-16
References: https://www.ransomware.live/id/S2VkYWhAbm92YQ==
Rectifyq Taxonomies:
Relevancy: Highly Relevant
Category: Data Breach
- TA-category="Ransomware"
MISP Galaxies:
- target-information="Malaysia"
- sector="Not Found"
- ransomware="nova"
mitre-attack-pattern=[]
MISP event uuid: 242eb3b9-0164-4c40-8914-89f6c183e490
Ransomware.live
Victim: Kedah - nova
Ransomware.live discovered on 2026-06-16 that Kedah has been claimed by Nova ransomware group