πTitle: Threat Actors Weaponize AI Hype to Deliver AsyncRAT
π Date: 2026-06-11
πReferences:
https://www.fortinet.com/blog/threat-research/threat-actors-weaponize-ai-hype-to-deliver-asyncrat
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="malware-analysis"
β’ sub-category="campaign-analysis"
β’ topic="ai"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Fortinet"
β’ malpedia="AsyncRAT"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1218.011', 'T1573.001', 'T1082', 'T1106', 'T1140', 'T1112', 'T1497', 'T1204', 'T1059.001', 'T1566', 'T1562.001', 'T1055.012', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1059.005']
MISP event uuid: a72101e4-904d-4526-b9e3-6e902513f24b
π Date: 2026-06-11
πReferences:
https://www.fortinet.com/blog/threat-research/threat-actors-weaponize-ai-hype-to-deliver-asyncrat
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="malware-analysis"
β’ sub-category="campaign-analysis"
β’ topic="ai"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Fortinet"
β’ malpedia="AsyncRAT"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1218.011', 'T1573.001', 'T1082', 'T1106', 'T1140', 'T1112', 'T1497', 'T1204', 'T1059.001', 'T1566', 'T1562.001', 'T1055.012', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1059.005']
MISP event uuid: a72101e4-904d-4526-b9e3-6e902513f24b
Fortinet Blog
Threat Actors Weaponize AI Hype to Deliver AsyncRAT
FortiGuard Labs analyzes a multi-stage malware campaign that uses fake AI-themed documents, hidden PowerShell scripts, AutoHotkey loaders, and process injection to deploy AsyncRAT and maintain remoβ¦
πTitle: How Lookalike Domains Exploit Human Judgment
π Date: 2026-06-11
πReferences:
https://www.infoblox.com/blog/security/human-judgment-hacks-how-lookalike-domains-work/
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ sub-category="report"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Infoblox"
mitre-attack-pattern=['T1583', 'T1071.004', 'T1204.002', 'T1566.002', 'T1598.003', 'T1071', 'T1586.002', 'T1583.001', 'T1589', 'T1589.002', 'T1584', 'T1586', 'T1598.002', 'T1204', 'T1590', 'T1566', 'T1598', 'T1590.001', 'T1204.001', 'T1584.001']
MISP event uuid: 833736e2-fc4c-4f68-ab29-b048c427c6ee
π Date: 2026-06-11
πReferences:
https://www.infoblox.com/blog/security/human-judgment-hacks-how-lookalike-domains-work/
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ sub-category="report"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Infoblox"
mitre-attack-pattern=['T1583', 'T1071.004', 'T1204.002', 'T1566.002', 'T1598.003', 'T1071', 'T1586.002', 'T1583.001', 'T1589', 'T1589.002', 'T1584', 'T1586', 'T1598.002', 'T1204', 'T1590', 'T1566', 'T1598', 'T1590.001', 'T1204.001', 'T1584.001']
MISP event uuid: 833736e2-fc4c-4f68-ab29-b048c427c6ee
Infoblox Blog
Deceiving Humans: How Lookalike Domains Exploit Human Judgment
Learn how lookalike domains exploit human judgment, trust and perception to bypass security controls, and how DNS reveals attacker intent.
Rectifyq Cybersecurity News π²πΎ pinned Β«πTitle: Cyber-Enabled Maritime Sanctions Evasion π
Date: 2026-06-11 πReferences: https://www.recordedfuture.com/research/media_12cb79eec13b6af7520af3c1ae6768c0f4b25e945.gif?width=1200&format=pjpg&optimize=medium https://www.recordedfuture.com/research/cyberβ¦Β»
πTitle: Affidavit in Support of Application for Criminal Complaint
π Date: 2026-06-09
πReferences:
https://cyberscoop.com/wp-content/uploads/sites/3/2026/06/11-1.pdf
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="TA-profile"
β’ sub-category="report"
β’ target="broad-based"
β’ topic="geopolitical"
β’ TA-category="APT"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ target-information="United States"
β’ threat-actor="Void Blizzard"
mitre-attack-pattern=['T1133', 'T1114', 'T1071', 'T1562', 'T1567', 'T1589', 'T1185', 'T1090', 'T1020', 'T1588.001', 'T1070', 'T1586', 'T1590', 'T1048', 'T1588.002', 'T1566', 'T1078', 'T1573', 'T1598', 'T1213']
MISP event uuid: 48a8d13e-0e7e-4d6f-8807-d4d9761dc8b5
π Date: 2026-06-09
πReferences:
https://cyberscoop.com/wp-content/uploads/sites/3/2026/06/11-1.pdf
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="TA-profile"
β’ sub-category="report"
β’ target="broad-based"
β’ topic="geopolitical"
β’ TA-category="APT"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ target-information="United States"
β’ threat-actor="Void Blizzard"
mitre-attack-pattern=['T1133', 'T1114', 'T1071', 'T1562', 'T1567', 'T1589', 'T1185', 'T1090', 'T1020', 'T1588.001', 'T1070', 'T1586', 'T1590', 'T1048', 'T1588.002', 'T1566', 'T1078', 'T1573', 'T1598', 'T1213']
MISP event uuid: 48a8d13e-0e7e-4d6f-8807-d4d9761dc8b5
πTitle: Defending the Digital Pitch: World Cup 2026 Cyber Threats
π Date: 2026-06-11
πReferences:
https://www.cyberproof.com/blog/defending-the-digital-pitch-world-cup-2026-cyber-threats/
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1557', 'T1583', 'T1539', 'T1566.002', 'T1190', 'T1583.001', 'T1589', 'T1185', 'T1588.001', 'T1586', 'T1528', 'T1204', 'T1199', 'T1566', 'T1110', 'T1078', 'T1499', 'T1598', 'T1189', 'T1498']
MISP event uuid: 1708688e-6ab1-4949-83be-1fe8e61d59e3
π Date: 2026-06-11
πReferences:
https://www.cyberproof.com/blog/defending-the-digital-pitch-world-cup-2026-cyber-threats/
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1557', 'T1583', 'T1539', 'T1566.002', 'T1190', 'T1583.001', 'T1589', 'T1185', 'T1588.001', 'T1586', 'T1528', 'T1204', 'T1199', 'T1566', 'T1110', 'T1078', 'T1499', 'T1598', 'T1189', 'T1498']
MISP event uuid: 1708688e-6ab1-4949-83be-1fe8e61d59e3
CyberProof
Defending the Digital Pitch: World Cup 2026 Cyber Threats
Contributors: Amit Gini, Tom Saar, Liora Ziv Introduction Kicking off today, the 2026 FIFA World Cup is expected to be one of the largest and most
πTitle: World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat
π Date: 2026-06-11
πReferences:
https://zimperium.com/blog/world-cup-2026-mobile-targeted-phishing-the-global-social-engineering-threat?hs_amp=true
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ topic="mobile-attack"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Zimperium"
mitre-attack-pattern=['T1539', 'T1114', 'T1566.002', 'T1598.003', 'T1566.001', 'T1586.002', 'T1608.001', 'T1583.001', 'T1589', 'T1185', 'T1056.003', 'T1589.002', 'T1608.005', 'T1528', 'T1566', 'T1056', 'T1589.001', 'T1598', 'T1204.001']
MISP event uuid: 2d22208a-0035-4f4c-8dfd-a7b056feab82
π Date: 2026-06-11
πReferences:
https://zimperium.com/blog/world-cup-2026-mobile-targeted-phishing-the-global-social-engineering-threat?hs_amp=true
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ topic="mobile-attack"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Zimperium"
mitre-attack-pattern=['T1539', 'T1114', 'T1566.002', 'T1598.003', 'T1566.001', 'T1586.002', 'T1608.001', 'T1583.001', 'T1589', 'T1185', 'T1056.003', 'T1589.002', 'T1608.005', 'T1528', 'T1566', 'T1056', 'T1589.001', 'T1598', 'T1204.001']
MISP event uuid: 2d22208a-0035-4f4c-8dfd-a7b056feab82
Zimperium
World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat
true
πTitle: Targets Education Sector with Oracle PeopleSoft Exploit
π Date: 2026-06-11
πReferences:
https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="Cybercrime"
β’ target="broad-based"
β’ mitre-att&ck="none-from-src"
β’ no-samples-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Mandiant"
β’ target-information="United States"
β’ sector="Education"
β’ threat-actor="ShinyHunters"
mitre-attack-pattern=['T1560.001', 'T1110.001', 'T1133', 'T1069', 'T1114', 'T1036.005', 'T1021.004', 'T1190', 'T1491', 'T1505.003', 'T1083', 'T1552.001', 'T1041', 'T1059.004', 'T1078', 'T1027', 'T1486', 'T1573.002', 'T1071.001', 'T1018']
MISP event uuid: 612a10dd-f897-4556-ab31-f50a1b128318
π Date: 2026-06-11
πReferences:
https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="Cybercrime"
β’ target="broad-based"
β’ mitre-att&ck="none-from-src"
β’ no-samples-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Mandiant"
β’ target-information="United States"
β’ sector="Education"
β’ threat-actor="ShinyHunters"
mitre-attack-pattern=['T1560.001', 'T1110.001', 'T1133', 'T1069', 'T1114', 'T1036.005', 'T1021.004', 'T1190', 'T1491', 'T1505.003', 'T1083', 'T1552.001', 'T1041', 'T1059.004', 'T1078', 'T1027', 'T1486', 'T1573.002', 'T1071.001', 'T1018']
MISP event uuid: 612a10dd-f897-4556-ab31-f50a1b128318
Google Cloud Blog
ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit | Google Cloud Blog
An active compromise and extortion campaign attributed to ShinyHunters targeting Oracle PeopleSoft with a zero-day exploit.
πTitle: UNC1151/Ghostwriter phishing campaign targeting Gmail accounts
π Date: 2026-06-12
πReferences:
https://cert.pl/en/posts/2026/06/UNC1151-gmail-campaign/
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="APT"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ target-information="Poland"
β’ threat-actor="Ghostwriter"
mitre-attack-pattern=['T1566']
MISP event uuid: 5c1e7285-f735-49d8-9fcf-ef31d47b10ae
π Date: 2026-06-12
πReferences:
https://cert.pl/en/posts/2026/06/UNC1151-gmail-campaign/
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="APT"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ target-information="Poland"
β’ threat-actor="Ghostwriter"
mitre-attack-pattern=['T1566']
MISP event uuid: 5c1e7285-f735-49d8-9fcf-ef31d47b10ae
cert.pl
UNC1151/Ghostwriter phishing campaign targeting Gmail accounts
Recently, we have been observing attacks by the UNC1151/Ghostwriter group targeting Gmail accounts. This group has been regularly attacking the mailboxes of Polish citizens for several years, although in the past these attacks focused on other email providers.β¦
πTitle: How to defend ARM64 cloud infrastructure
π Date: 2026-06-11
πReferences:
https://www.reversinglabs.com/blog/defend-cloud-infrastructure-itscape
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: π Vulnerability
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ sub-category="critical-vuln"
β’ target="broad-based"
β’ topic="cloud"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1592', 'T1082', 'T1005', 'T1611', 'T1610', 'T1548', 'T1059', 'T1609', 'T1204', 'T1068']
MISP event uuid: b91d23b7-24fc-4cac-87d6-d5dc6b6bfd67
π Date: 2026-06-11
πReferences:
https://www.reversinglabs.com/blog/defend-cloud-infrastructure-itscape
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: π Vulnerability
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ sub-category="critical-vuln"
β’ target="broad-based"
β’ topic="cloud"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1592', 'T1082', 'T1005', 'T1611', 'T1610', 'T1548', 'T1059', 'T1609', 'T1204', 'T1068']
MISP event uuid: b91d23b7-24fc-4cac-87d6-d5dc6b6bfd67
ReversingLabs
How to defend ARM64 cloud infrastructure from ITScape | RL Blog
RL has documented CVE-2026-46316, and developed two YARA rules to help detect exploits of the multi-tenant cloud vulnerability.
πTitle: Akira, LimeWire, and the Sour Taste of Data Exfiltration
π Date: 2026-06-12
πReferences:
https://www.huntress.com/blog/akira-ransomware-limewire-data-exfiltration
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="intrusion-analysis"
β’ TA-category="Ransomware"
β’ target="targeted"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Huntress"
β’ ransomware="Akira"
mitre-attack-pattern=['T1560.001', 'T1069', 'T1074.001', 'T1087.002', 'T1082', 'T1005', 'T1140', 'T1083', 'T1497', 'T1041', 'T1562.001', 'T1078', 'T1486', 'T1567.002', 'T1018', 'T1105', 'T1021.001', 'T1490']
MISP event uuid: bb394d28-549f-4209-a897-d318fd04266f
π Date: 2026-06-12
πReferences:
https://www.huntress.com/blog/akira-ransomware-limewire-data-exfiltration
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="intrusion-analysis"
β’ TA-category="Ransomware"
β’ target="targeted"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Huntress"
β’ ransomware="Akira"
mitre-attack-pattern=['T1560.001', 'T1069', 'T1074.001', 'T1087.002', 'T1082', 'T1005', 'T1140', 'T1083', 'T1497', 'T1041', 'T1562.001', 'T1078', 'T1486', 'T1567.002', 'T1018', 'T1105', 'T1021.001', 'T1490']
MISP event uuid: bb394d28-549f-4209-a897-d318fd04266f
Huntress
Akira, LimeWire, and the Sour Taste of Data Exfiltration | Huntress
A recent investigation uncovered an Akira affiliate abusing a website owned by file-sharing app LimeWire for data exfiltration. Here's how the attack unfolded.
πTitle: Interlock and Rhysida within the Ransomware Ecosystem
π Date: 2026-06-12
πReferences:
https://www.ibm.com/think/x-force/interlock-and-rhysida-within-the-ransonware-ecosystem
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="TA-profile"
β’ TA-category="Ransomware"
β’ target="broad-based"
β’ samples-found-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="IBM X-Force"
β’ target-information="United States"
β’ ransomware="interlock"
β’ ransomware="rhysida"
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1003', 'T1087.002', 'T1140', 'T1190', 'T1055', 'T1482', 'T1083', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1486', 'T1203', 'T1059.003', 'T1189', 'T1027.002', 'T1018', 'T1105', 'T1021.001', 'T1490']
MISP event uuid: 4f2a0ee4-d11b-46a6-ba6d-1f9be509076d
π Date: 2026-06-12
πReferences:
https://www.ibm.com/think/x-force/interlock-and-rhysida-within-the-ransonware-ecosystem
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="TA-profile"
β’ TA-category="Ransomware"
β’ target="broad-based"
β’ samples-found-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="IBM X-Force"
β’ target-information="United States"
β’ ransomware="interlock"
β’ ransomware="rhysida"
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1003', 'T1087.002', 'T1140', 'T1190', 'T1055', 'T1482', 'T1083', 'T1204', 'T1059.001', 'T1547.001', 'T1566', 'T1486', 'T1203', 'T1059.003', 'T1189', 'T1027.002', 'T1018', 'T1105', 'T1021.001', 'T1490']
MISP event uuid: 4f2a0ee4-d11b-46a6-ba6d-1f9be509076d
Ibm
Interlock and Rhysida within the Ransomware Ecosystem | IBM
IBM X-Force uncovers deep links between Interlock and Rhysida ransomware actors, detailing shared malware, crypters, and infrastructure across the ecosystem, with insights into infection chains, initial access brokers, and evolving tools over two years ofβ¦
πTitle: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches
π Date: 2026-06-09
πReferences:
https://malext.io/reports/SearchJack
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="Cybercrime"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1033', 'T1056.001', 'T1539', 'T1036.005', 'T1204.002', 'T1566.002', 'T1082', 'T1176', 'T1005', 'T1036', 'T1185', 'T1112', 'T1083', 'T1568', 'T1027', 'T1573', 'T1213', 'T1189', 'T1071.001']
MISP event uuid: c2e25435-9441-48e7-a5cc-c2a50ceff102
π Date: 2026-06-09
πReferences:
https://malext.io/reports/SearchJack
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="Cybercrime"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1033', 'T1056.001', 'T1539', 'T1036.005', 'T1204.002', 'T1566.002', 'T1082', 'T1176', 'T1005', 'T1036', 'T1185', 'T1112', 'T1083', 'T1568', 'T1027', 'T1573', 'T1213', 'T1189', 'T1071.001']
MISP event uuid: c2e25435-9441-48e7-a5cc-c2a50ceff102
malext.io
SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches - MalExt Sentry
Threat intelligence report: SearchJack: How 23 Browser Extensions Silently Monetize ~758,000 Users' Searches. Research by MalExt Sentry.
πTitle: Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
π Date: 2026-06-15
πReferences:
https://www.genians.co.kr/en/blog/threat_intelligence/narwhalrat
πRectifyq Taxonomies:
Relevancy: β« Not Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="intrusion-analysis"
β’ TA-category="APT"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ threat-actor="APT37"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1025', 'T1204.002', 'T1497.001', 'T1566.001', 'T1005', 'T1140', 'T1055', 'T1112', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1102.001']
MISP event uuid: 24638e19-caf4-4253-8ead-b7f85dda8137
π Date: 2026-06-15
πReferences:
https://www.genians.co.kr/en/blog/threat_intelligence/narwhalrat
πRectifyq Taxonomies:
Relevancy: β« Not Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="intrusion-analysis"
β’ TA-category="APT"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ threat-actor="APT37"
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1025', 'T1204.002', 'T1497.001', 'T1566.001', 'T1005', 'T1140', 'T1055', 'T1112', 'T1041', 'T1059.001', 'T1547.001', 'T1027', 'T1059.003', 'T1070.004', 'T1071.001', 'T1102.001']
MISP event uuid: 24638e19-caf4-4253-8ead-b7f85dda8137
www.genians.co.kr
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
Compiled Python-based malware continues to spread. Malicious LNK files execute PowerShell and batch commands, ultimately deploying NarwhalRAT.
πTitle: Inside OnyxC2: The New Stealer Targeting 210 Apps
π Date: 2026-06-11
πReferences:
https://www.blackfog.com/inside-onyxc2-the-new-stealer-targeting-210-apps
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="from-original-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="tool-profile"
β’ target="broad-based"
β’ TA-category="Cybercrime"
β’ samples-found-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1539', 'T1555.005', 'T1555.003', 'T1027.001', 'T1003.001', 'T1497', 'T1041', 'T1090.003', 'T1027', 'T1564.003', 'T1071.001', 'T1574.002']
MISP event uuid: d9262ac6-5e84-4e20-82d7-6a520239ed85
π Date: 2026-06-11
πReferences:
https://www.blackfog.com/inside-onyxc2-the-new-stealer-targeting-210-apps
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="from-original-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="tool-profile"
β’ target="broad-based"
β’ TA-category="Cybercrime"
β’ samples-found-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1113', 'T1056.001', 'T1539', 'T1555.005', 'T1555.003', 'T1027.001', 'T1003.001', 'T1497', 'T1041', 'T1090.003', 'T1027', 'T1564.003', 'T1071.001', 'T1574.002']
MISP event uuid: d9262ac6-5e84-4e20-82d7-6a520239ed85
BlackFog
Inside OnyxC2: The New Stealer Targeting 210 Apps | BlackFog
Discover OnyxC2, the new malware-as-a-service stealer targeting 210 apps, how it evades detection, steals credentials, and enables data theft.
πTitle: The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed
π Date: 2026-06-15
πReferences:
https://www.huntress.com/blog/terminal-server-phishing-stager-exposed
πRectifyq Taxonomies:
Relevancy: β« Not Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="intrusion-analysis"
β’ target="targeted"
β’ no-samples-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Huntress"
β’ target-information="United Kingdom"
β’ target-information="Bolivia"
mitre-attack-pattern=['T1133', 'T1114', 'T1566.002', 'T1598.003', 'T1586.002', 'T1036', 'T1185', 'T1071.003', 'T1535', 'T1589.002', 'T1090', 'T1078', 'T1027', 'T1132', 'T1189', 'T1584.004']
MISP event uuid: d5715164-f8a4-40b1-b225-96ea7a71e85e
π Date: 2026-06-15
πReferences:
https://www.huntress.com/blog/terminal-server-phishing-stager-exposed
πRectifyq Taxonomies:
Relevancy: β« Not Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="intrusion-analysis"
β’ target="targeted"
β’ no-samples-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Huntress"
β’ target-information="United Kingdom"
β’ target-information="Bolivia"
mitre-attack-pattern=['T1133', 'T1114', 'T1566.002', 'T1598.003', 'T1586.002', 'T1036', 'T1185', 'T1071.003', 'T1535', 'T1589.002', 'T1090', 'T1078', 'T1027', 'T1132', 'T1189', 'T1584.004']
MISP event uuid: d5715164-f8a4-40b1-b225-96ea7a71e85e
Huntress
The Devil, Eight Million Emails, and a Whole Lot of Milk | Phishing Stager Exposed | Huntress
A compromised terminal server became a phishing stager. A fake Boots survey aimed at 8.9 million inboxes, with the payload on a hacked Bolivian government site.
πTitle: Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years: How Cybercriminals Are Targeting Travelers in 2026
π Date: 2026-06-15
πReferences:
https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-are-surging-in-2026-growing-122-over-the-last-3-years-heres-what-cyber-criminals-are-actually-doing/
πRectifyq Taxonomies:
Relevancy: π΄ Highly Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="Cybercrime"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Check Point"
β’ target-information="Malaysia"
β’ target-information="Canada"
mitre-attack-pattern=['T1583', 'T1539', 'T1114', 'T1204.002', 'T1566.002', 'T1598.003', 'T1583.001', 'T1056.003', 'T1204', 'T1566', 'T1585.001', 'T1056', 'T1132', 'T1598', 'T1585', 'T1213']
MISP event uuid: be7ce1a3-06b7-40b8-baae-d4fa3adfba87
π Date: 2026-06-15
πReferences:
https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-are-surging-in-2026-growing-122-over-the-last-3-years-heres-what-cyber-criminals-are-actually-doing/
πRectifyq Taxonomies:
Relevancy: π΄ Highly Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="Cybercrime"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Check Point"
β’ target-information="Malaysia"
β’ target-information="Canada"
mitre-attack-pattern=['T1583', 'T1539', 'T1114', 'T1204.002', 'T1566.002', 'T1598.003', 'T1583.001', 'T1056.003', 'T1204', 'T1566', 'T1585.001', 'T1056', 'T1132', 'T1598', 'T1585', 'T1213']
MISP event uuid: be7ce1a3-06b7-40b8-baae-d4fa3adfba87
Check Point Blog
Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actuallyβ¦
Every summer, hundreds of millions of people book flights, reserve hotels, and plan vacations online. And every summer, cyber criminals show up to take %Travel cyberattacks have surged 122% since 2023. Discover how hackers use fake Booking.com, Airbnb, andβ¦
πTitle: OptinMonster supply chain attack hits 1.2 million sites
π Date: 2026-06-13
πReferences:
https://sansec.io/research/optinmonster-supply-chain-attack
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ topic="supply-chain"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1033', 'T1132.001', 'T1573.001', 'T1087.001', 'T1082', 'T1140', 'T1218', 'T1070.006', 'T1505.003', 'T1136.001', 'T1090.002', 'T1083', 'T1114.003', 'T1564.002', 'T1562.003', 'T1059.004', 'T1027', 'T1195.002', 'T1071.001', 'T1078.003']
MISP event uuid: f99b496b-ce4c-43ce-87f6-8024f8c36a0f
π Date: 2026-06-13
πReferences:
https://sansec.io/research/optinmonster-supply-chain-attack
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ topic="supply-chain"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
mitre-attack-pattern=['T1033', 'T1132.001', 'T1573.001', 'T1087.001', 'T1082', 'T1140', 'T1218', 'T1070.006', 'T1505.003', 'T1136.001', 'T1090.002', 'T1083', 'T1114.003', 'T1564.002', 'T1562.003', 'T1059.004', 'T1027', 'T1195.002', 'T1071.001', 'T1078.003']
MISP event uuid: f99b496b-ce4c-43ce-87f6-8024f8c36a0f
Sansec
OptinMonster supply chain attack hits 1.2 million sites
Malware adds admin accounts and hidden backdoor to sites using OptinMonster, TrustPulse or PushEngage plugins.
πTitle: The Package That Never Shipped: Following a USPS Smishing Kit Through DNS Data
π Date: 2026-06-13
πReferences:
https://censys.com/blog/following-a-usps-smishing-kit-through-censys-dns-data/
πRectifyq Taxonomies:
Relevancy: β« Not Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ topic="mobile-attack"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="censys"
mitre-attack-pattern=['T1583', 'T1056.001', 'T1036.005', 'T1566.002', 'T1598.003', 'T1071', 'T1586.002', 'T1608.001', 'T1583.001', 'T1036', 'T1185', 'T1586', 'T1608', 'T1583.006', 'T1041', 'T1566', 'T1027', 'T1573', 'T1056', 'T1598', 'T1071.001']
MISP event uuid: 5f1db648-9b34-47fd-aa68-47e63fa3de4b
π Date: 2026-06-13
πReferences:
https://censys.com/blog/following-a-usps-smishing-kit-through-censys-dns-data/
πRectifyq Taxonomies:
Relevancy: β« Not Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ topic="mobile-attack"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ no-samples-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="censys"
mitre-attack-pattern=['T1583', 'T1056.001', 'T1036.005', 'T1566.002', 'T1598.003', 'T1071', 'T1586.002', 'T1608.001', 'T1583.001', 'T1036', 'T1185', 'T1586', 'T1608', 'T1583.006', 'T1041', 'T1566', 'T1027', 'T1573', 'T1056', 'T1598', 'T1071.001']
MISP event uuid: 5f1db648-9b34-47fd-aa68-47e63fa3de4b
Censys
The Package That Never Shipped: Following a USPS Smishing Kit Through Censys DNS Data - Censys
Executive Summary It Starts With a Text Message You know the message. Everyone has gotten one. A package could not be delivered, there is an unpaid customs fee or a bad address, and here is a helpful link to fix it. This one pointed at: Believe it or notβ¦
πTitle: Attackers Weaponize Microsoft Teams Relays to Stay Hidden
π Date: 2026-06-16
πReferences:
https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="Ransomware"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Symantec"
β’ target-information="United States"
mitre-attack-pattern=['T1003', 'T1087.002', 'T1190', 'T1567', 'T1055', 'T1021', 'T1112', 'T1555.003', 'T1562.006', 'T1562.001', 'T1027', 'T1486', 'T1071.001', 'T1136', 'T1018', 'T1574.002', 'T1569.002', 'T1090.001']
MISP event uuid: afa946fd-9cd9-4c73-93c2-b2147fdefd2e
π Date: 2026-06-16
πReferences:
https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ TA-category="Ransomware"
β’ target="broad-based"
β’ no-samples-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Symantec"
β’ target-information="United States"
mitre-attack-pattern=['T1003', 'T1087.002', 'T1190', 'T1567', 'T1055', 'T1021', 'T1112', 'T1555.003', 'T1562.006', 'T1562.001', 'T1027', 'T1486', 'T1071.001', 'T1136', 'T1018', 'T1574.002', 'T1569.002', 'T1090.001']
MISP event uuid: afa946fd-9cd9-4c73-93c2-b2147fdefd2e
Security
Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden
Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams' TURN relay servers to mask command-and-control traffic. The attackers also used a previously unknown vulnerability in a Huawei driver.
πTitle: Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack
π Date: 2026-06-16
πReferences:
https://www.huntress.com/blog/potemkin-loader-rmmproject-clickfix-attack
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ target="broad-based"
β’ detection-rules="yara-from-src"
β’ samples-found-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Huntress"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1056.001', 'T1568.002', 'T1036.005', 'T1204.002', 'T1218.007', 'T1140', 'T1055', 'T1021.002', 'T1555.003', 'T1021.006', 'T1218.005', 'T1547.001', 'T1056.002', 'T1562.001', 'T1027', 'T1573', 'T1071.001']
MISP event uuid: ce6915b2-f7f6-4148-96ff-9f03338de345
π Date: 2026-06-16
πReferences:
https://www.huntress.com/blog/potemkin-loader-rmmproject-clickfix-attack
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="none-from-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="campaign-analysis"
β’ target="broad-based"
β’ detection-rules="yara-from-src"
β’ samples-found-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Huntress"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1056.001', 'T1568.002', 'T1036.005', 'T1204.002', 'T1218.007', 'T1140', 'T1055', 'T1021.002', 'T1555.003', 'T1021.006', 'T1218.005', 'T1547.001', 'T1056.002', 'T1562.001', 'T1027', 'T1573', 'T1071.001']
MISP event uuid: ce6915b2-f7f6-4148-96ff-9f03338de345
Huntress
Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack | Huntress
A ClickFix infection drops Potemkin loader and RMMProject RAT, leading to browser theft, hidden remote desktop, and lateral movement across over 11 hosts.
πTitle: Android Banker with Complete Device Takeover Capabilities
π Date: 2026-06-16
πReferences:
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="from-original-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="malware-analysis"
β’ topic="mobile-attack"
β’ target="broad-based"
β’ samples-found-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Zimperium"
mitre-attack-pattern=['T1517', 'T1429', 'T1624.001', 'T1616', 'T1414', 'T1637', 'T1646', 'T1417.002', 'T1516', 'T1417.001', 'T1655.001', 'T1660', 'T1582', 'T1636.004', 'T1513', 'T1418', 'T1406.002', 'T1426']
MISP event uuid: c4f048d7-9154-4c0a-9313-9f454c1e3bce
π Date: 2026-06-16
πReferences:
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities
πRectifyq Taxonomies:
Relevancy: π΅ Potentially Relevant
Category: β Threat
β’ mitre-att&ck="from-original-src"
β’ mitre-att&ck="from-OTX"
β’ sub-category="malware-analysis"
β’ topic="mobile-attack"
β’ target="broad-based"
β’ samples-found-in="MalwareBazaar"
β’ samples-found-in="Tria.ge"
β’ action-taken="VT-comment"
πMISP Galaxies:
β’ producer="Zimperium"
mitre-attack-pattern=['T1517', 'T1429', 'T1624.001', 'T1616', 'T1414', 'T1637', 'T1646', 'T1417.002', 'T1516', 'T1417.001', 'T1655.001', 'T1660', 'T1582', 'T1636.004', 'T1513', 'T1418', 'T1406.002', 'T1426']
MISP event uuid: c4f048d7-9154-4c0a-9313-9f454c1e3bce
Zimperium
Rokarolla : Android Banker with Complete Device Takeover Capabilities
true