📃Title: Investigation of email-based attack delivering MediaFire ZIP file with execution chain analysis
📅Date: 2026-06-16
🔗References:
https://x.com/Kostastsale/status/2066545189137629302

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="intrusion-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1053.005', 'T1218.011', 'T1036.005', 'T1204.002', 'T1566.002', 'T1055', 'T1027.001', 'T1059.001', 'T1547.001', 'T1095', 'T1132', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: be236a57-ec5e-4964-8305-33827a5a10fc

📃Title: [Ransomware] Unconfirmed: mli******** UPD******** DAT* DUM* NEW LIN* 10G*
📅Date: 2026-06-24
🔗References: https://www.ransomware.live/id/bWxpdC5jb20ubXkgVVBEQVRFLUZVTEwgREFUQSBEVU1QIE5FVyBMSU5LIDEwR0JAc3Rvcm1vdXM=

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
- TA-category="Ransomware"

🔖MISP Galaxies:
- target-information="Malaysia"
- sector="Public Sector"
- ransomware="stormous"
mitre-attack-pattern=[]

MISP event uuid: 3f90713d-8875-4d1f-96e2-5a4aefbfe476

📃Title: How attackers are jailbreaking LLMs with CTF framing and how to catch them
📅Date: 2026-06-15
🔗References:
https://www.sysdig.com/blog/how-attackers-are-jailbreaking-llms-with-ctf-framing-and-how-to-catch-them

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

MISP event uuid: a667f34d-d768-47b3-9f64-ae7a72b86b82

📃Title: Public and Private Medical Community Targeted by Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
📅Date: 2026-06-16
🔗References:
https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Mandiant"
• target-information="United States"
• target-information="Canada"
mitre-attack-pattern=['T1190', 'T1555', 'T1567', 'T1505.003', 'T1056.003', 'T1114.003', 'T1554', 'T1090.003', 'T1562.001', 'T1027', 'T1213', 'T1071.001', 'T1689']

MISP event uuid: aa407ecb-686f-4bfa-a7cd-42fa26fd2128

📃Title: WebAssembly Malware Found in Trojanized Open VSX Extensions
📅Date: 2026-06-15
🔗References:
https://socket.dev/blog/glasswasm-malware-open-vsx-extensions

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1195.001', 'T1036.005', 'T1204.002', 'T1573.001', 'T1497.001', 'T1140', 'T1497.003', 'T1102', 'T1059.001', 'T1059.004', 'T1562.001', 'T1027', 'T1518.001', 'T1059.003', 'T1071.001', 'T1105', 'T1102.001']

MISP event uuid: 43eb70af-9f4f-4cb9-98c9-15bcea35e6a9

📃Title: Gamers beware: malicious wallpapers on Steam found stealing accounts
📅Date: 2026-06-16
🔗References:
https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Kaspersky"
• target-information="British Indian Ocean Territory"
• target-information="Canada"
• target-information="China"
• target-information="Germany"
• target-information="Hong Kong"
• target-information="India"
• target-information="Russia"
• target-information="Singapore"
mitre-attack-pattern=['T1543', 'T1539', 'T1547', 'T1564', 'T1071', 'T1140', 'T1562', 'T1555', 'T1055', 'T1560', 'T1608', 'T1204', 'T1574', 'T1078', 'T1027', 'T1573', 'T1496', 'T1485', 'T1518', 'T1105']

MISP event uuid: 51c79e71-685f-4c88-b907-1579de218020

📃Title: New APT-Q-27 sample spotted
📅Date: 2026-06-17
🔗References:
https://x.com/askardyuss/status/2066859258130665974

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1036', 'T1059', 'T1027', 'T1071.001', 'T1574.002', 'T1105']

MISP event uuid: 2af465d9-1888-4e99-abe1-dc82d348aa41

📃Title: Bluekit Phishing as a Service (PhaaS)
📅Date: 2026-06-16
🔗References:
https://www.cloudsek.com/blog/bluekit-phishing-as-a-service-phaas

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: 💉 Vulnerability
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="tool-profile"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="CloudSEK"
mitre-attack-pattern=[]

MISP event uuid: cab18fbe-dd41-40ba-9768-7b2329c53e94

📃Title: FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure
📅Date: 2026-06-17
🔗References:
https://www.infostealers.com/article/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosure/
https://www.linkedin.com/feed/update/urn:li:activity:7471222472193830913/
https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: 💥 Data Breach
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

MISP event uuid: 62d63a50-b78f-45df-98a9-da606487a500

📃Title: ClickFix Campaign Generated Via AI Delivers SmartRAT
📅Date: 2026-06-17
🔗References:
https://www.zscaler.com/blogs/security-research/clickfix-campaign-generated-ai-delivers-smartrat

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Zscaler"
• target-information="Brazil"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1543.003', 'T1082', 'T1071', 'T1106', 'T1005', 'T1140', 'T1036', 'T1055', 'T1185', 'T1112', 'T1059', 'T1497', 'T1059.001', 'T1566', 'T1027', 'T1070.004', 'T1518', 'T1569.002']

MISP event uuid: b8e89796-9b5f-440b-aa35-6426dd5ab953

📃Title: More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers
📅Date: 2026-06-17
🔗References:
https://blog.xlab.qianxin.com/arystinger-botnet-hijacks-legacy-routers-for-global-attacks-en/

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• target-information="China"
• target-information="Malaysia"
• target-information="Singapore"
• target-information="South Korea"
• target-information="Sweden"
mitre-attack-pattern=['T1543', 'T1082', 'T1071', 'T1190', 'T1021', 'T1016', 'T1087', 'T1090', 'T1059', 'T1083', 'T1049', 'T1057', 'T1027', 'T1573', 'T1095', 'T1505', 'T1071.001', 'T1136', 'T1018', 'T1046']

MISP event uuid: 65db42c9-e25b-479e-95cf-d21fd34c73ae

📃Title: From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware
📅Date: 2026-06-17
🔗References:
https://www.acronis.com/en/tru/posts/from-emerging-threat-to-top-tier-ransomware-as-a-service-the-evolution-of-inc-ransomware/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• TA-category="Ransomware"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="8545fbf3-a246-4938-96a9-85a24651ebde"
• ransomware="inc ransom"
mitre-attack-pattern=['T1557', 'T1003', 'T1489', 'T1071', 'T1190', 'T1567', 'T1219', 'T1021.002', 'T1112', 'T1083', 'T1566', 'T1562.001', 'T1078', 'T1486', 'T1027.002', 'T1018', 'T1021.001', 'T1569.002', 'T1490']

MISP event uuid: 3b84c17c-e7c9-4b2f-89aa-2a39620d3f4c

📃Title: 140+ npm Packages Compromised in Coordinated Supply Chain Attack
📅Date: 2026-06-17
🔗References:
https://socket.dev/blog/mastra-npm-packages-compromised

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1132.001', 'T1059.007', 'T1543.003', 'T1497.001', 'T1082', 'T1005', 'T1140', 'T1185', 'T1555.003', 'T1083', 'T1057', 'T1041', 'T1547.001', 'T1027', 'T1195.002', 'T1543.001', 'T1070.004', 'T1071.001', 'T1543.002', 'T1547.013']

MISP event uuid: 79140557-e79d-42f1-ac42-9cfda99c9709

📃Title: Okendo Reviews Supply Chain Attack
📅Date: 2026-06-18
🔗References:
https://www.zscaler.com/blogs/security-research/smartapesg-launches-okendo-reviews-supply-chain-attack

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Zscaler"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1204.002', 'T1566.002', 'T1082', 'T1140', 'T1059', 'T1218.005', 'T1059.001', 'T1547.001', 'T1027', 'T1573', 'T1195.002', 'T1203', 'T1071.001', 'T1059.005', 'T1105', 'T1204.001']

MISP event uuid: 2bed1cd7-b7d1-4eb0-b03f-9499f23ccc05

📃Title: Operation Endgame vs. SocGholish Fake Updates
📅Date: 2026-06-18
🔗References:
https://www.infoblox.com/blog/threat-intelligence/hot-take-operation-endgame-vs-socgholish/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Infoblox"
• malpedia="FAKEUPDATES"
• threat-actor="GOLD PRELUDE"
mitre-attack-pattern=['T1053.005', 'T1033', 'T1132.001', 'T1059.007', 'T1069', 'T1204.002', 'T1082', 'T1036', 'T1087', 'T1583.003', 'T1083', 'T1547.001', 'T1027', 'T1567.002', 'T1518.001', 'T1189', 'T1071.001', 'T1584.001']

MISP event uuid: 0cb847d3-4247-4df8-990c-25e60867a1ce

📃Title: Sayonara, SocGholish: Operation Endgame Disrupts Major Cybercrime Operation
📅Date: 2026-06-18
🔗References:
https://www.proofpoint.com/us/blog/threat-insight/sayonara-socgholish-operation-endgame-disrupts-major-cybercrime-operation

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Proofpoint"
• target-information="United States"
• target-information="Australia"
• target-information="Canada"
• target-information="Germany"
• target-information="Netherlands"
• target-information="United Kingdom"
• malpedia="FAKEUPDATES"
• threat-actor="GOLD PRELUDE"
mitre-attack-pattern=['T1059.007', 'T1547', 'T1204.002', 'T1566.002', 'T1140', 'T1190', 'T1219', 'T1036', 'T1090.002', 'T1041', 'T1059.001', 'T1562.001', 'T1078', 'T1027', 'T1486', 'T1203', 'T1189', 'T1071.001', 'T1105', 'T1564.001']

MISP event uuid: cbbb0cbd-c005-4ce4-b14e-402de47bd176

📃Title: May 2026 Infostealer Trend Report
📅Date: 2026-06-17
🔗References:
https://asec.ahnlab.com/en/94172/

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="AhnLab"
• malpedia="Lumma Stealer"
• malpedia="Remus"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1539', 'T1082', 'T1005', 'T1140', 'T1555', 'T1036', 'T1083', 'T1204', 'T1057', 'T1041', 'T1071.002', 'T1547.001', 'T1566', 'T1059.004', 'T1027', 'T1203', 'T1071.001', 'T1574.002']

MISP event uuid: 5c39093d-4670-4614-8a23-63442c98e015

📃Title: Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
📅Date: 2026-06-17
🔗References:
https://www.trendmicro.com/en_us/research/26/f/claudeai-shared-chat-abused-in-malvertising.html

🔖Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="infra-profile"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Trend Micro"
• target-information="British Indian Ocean Territory"
• target-information="France"
• target-information="Hong Kong"
• target-information="India"
• target-information="Italy"
• target-information="Japan"
• target-information="Malaysia"
• target-information="Singapore"
• target-information="Taiwan"
mitre-attack-pattern=['T1033', 'T1539', 'T1036.005', 'T1497.001', 'T1566.002', 'T1082', 'T1005', 'T1140', 'T1555', 'T1555.003', 'T1083', 'T1552.001', 'T1583.006', 'T1041', 'T1059.004', 'T1204.003', 'T1189', 'T1105', 'T1102.001']

MISP event uuid: f66d7792-44c8-4b5a-8f0e-7357bd8352cb

📃Title: GitBait: Phishing targeting the Mexican financial sector
📅Date: 2026-06-18
🔗References:
https://www.group-ib.com/blog/gitbait-phishing-mexico-banking-finance-es/

🔖Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• producer="Group-IB"
• target-information="Mexico"
• sector="Bank"
mitre-attack-pattern=[]

MISP event uuid: 10458e7b-10eb-4cde-8201-cf2cab6aef88

📃Title: Twitter Feed - nextronresearch - 17-06-2026
📅Date: 2026-06-18
🔗References:
https://x.com/nextronresearch/status/2067230614424600844

🔖Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: ⚔ Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• TA-category="APT"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"

🔖MISP Galaxies:
• target-information="India"
• threat-actor="SideCopy"
• threat-actor="Operation C-Major"
mitre-attack-pattern=['T1547', 'T1204.002', 'T1566.001', 'T1082', 'T1140', 'T1036', 'T1112', 'T1059.001', 'T1547.001', 'T1027', 'T1027.002', 'T1071.001', 'T1105', 'T1204.001']

MISP event uuid: d76f1307-3376-49af-bc2c-bc11d8e6c5df