Title: New APT-Q-27 sample spotted
Date: 2026-06-17
References:
https://x.com/askardyuss/status/2066859258130665974
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• TA-category="APT"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1036', 'T1059', 'T1027', 'T1071.001', 'T1574.002', 'T1105']
MISP event uuid: 2af465d9-1888-4e99-abe1-dc82d348aa41
X (formerly Twitter)
Askar (@askardyuss) on X
#ThreatIntel New APT-Q-27 sample spotted! 🚨
The attack leverages a valid digital signature from "广州栩[?]科技有限公司" (not revoked yet). The dropper fetches an extension-based module list from C2. Current payloads use DLL Side-Loading via a legitimate Tencent-signed…
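Every entry on this page uses one fixed layout (Title, Date, References, Rectifyq Taxonomies, MISP Galaxies, an ATT&CK technique list, a MISP event uuid), and the raw export repeats each entry's metadata block once. The parser below is an added example written for this page, not Rectifyq's or MISP's own code. Its embedded SAMPLE_FEED is a constructed two-entry digest in that layout that reuses the titles, URLs, ATT&CK IDs and event uuids of two entries on this page, with the first block repeated once so the de-duplication is exercised; the function names are my own.

```python
"""Parse a Rectifyq/MISP threat-intel digest like this page into structured entries.

Added example; not part of the feed or of Rectifyq's tooling. SAMPLE_FEED is a
constructed two-entry digest in the page's own layout (titles, URLs, ATT&CK IDs
and uuids copied from this page), with the first entry's metadata block
repeated once, as the raw export does, so the parser must not double-count.
"""
import ast
import re
import uuid
from collections import Counter

SAMPLE_FEED = """\
Title: New APT-Q-27 sample spotted
Date: 2026-06-17
References:
https://x.com/askardyuss/status/2066859258130665974
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• TA-category="APT"
MISP Galaxies:
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1036', 'T1574.002', 'T1105']
MISP event uuid: 2af465d9-1888-4e99-abe1-dc82d348aa41
Date: 2026-06-17
References:
https://x.com/askardyuss/status/2066859258130665974
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• TA-category="APT"
MISP Galaxies:
mitre-attack-pattern=['T1204.002', 'T1553.002', 'T1036', 'T1574.002', 'T1105']
MISP event uuid: 2af465d9-1888-4e99-abe1-dc82d348aa41
Title: Okendo Reviews Supply Chain Attack
Date: 2026-06-18
References:
https://www.zscaler.com/blogs/security-research/smartapesg-launches-okendo-reviews-supply-chain-attack
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• topic="supply-chain"
MISP Galaxies:
• producer="Zscaler"
mitre-attack-pattern=['T1204.002', 'T1195.002', 'T1071.001', 'T1105']
MISP event uuid: 2bed1cd7-b7d1-4eb0-b03f-9499f23ccc05
"""

TAG_RE = re.compile(r'^•\s*([\w&.-]+)="([^"]*)"$')   # • key="value" lines
TECH_RE = re.compile(r"^T\d{4}(\.\d{3})?$")          # ATT&CK technique / sub-technique id

def _new_entry(title):
    return {"title": title, "date": None, "references": [], "relevancy": None,
            "category": None, "tags": [], "galaxies": [], "techniques": [], "uuid": None}

def parse_feed(text):
    """One dict per 'Title:' block; a repeated metadata block is folded in, not duplicated."""
    entries, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Title:"):
            cur = _new_entry(line[6:].strip())
            entries.append(cur)
            section = None
        elif cur is None or not line:
            continue
        elif line.startswith("Date:"):
            cur["date"] = line[5:].strip()
        elif line in ("References:", "Rectifyq Taxonomies:", "MISP Galaxies:"):
            section = line
        elif line.startswith("Relevancy:") or line.startswith("Category:"):
            key, value = line.split(":", 1)
            cur[key.lower()] = re.sub(r"^\W+", "", value.strip())  # drop the colour emoji
        elif line.startswith("mitre-attack-pattern="):
            ids = ast.literal_eval(line.split("=", 1)[1])  # a Python-style list of strings
            cur["techniques"] = [t for t in ids if TECH_RE.match(t)]
        elif line.startswith("MISP event uuid:"):
            cur["uuid"] = line.split(":", 1)[1].strip()
        elif section == "References:" and line.startswith("http"):
            if line not in cur["references"]:
                cur["references"].append(line)
        else:
            m = TAG_RE.match(line)
            if m:
                bucket = cur["galaxies"] if section == "MISP Galaxies:" else cur["tags"]
                if m.groups() not in bucket:
                    bucket.append(m.groups())
    return entries

def technique_frequency(entries):
    """How many distinct entries map to each ATT&CK technique."""
    return Counter(t for e in entries for t in set(e["techniques"]))

def entries_with(entries, technique):
    return [e["title"] for e in entries if technique in e["techniques"]]

def invalid_uuids(entries):
    """Titles whose MISP event uuid is missing or malformed."""
    bad = []
    for e in entries:
        try:
            uuid.UUID(e["uuid"])
        except (TypeError, ValueError):
            bad.append(e["title"])
    return bad
```

Because tags and references are appended only when unseen and scalar fields are overwritten with the same value, a repeated metadata block changes nothing. technique_frequency counts each technique once per entry, which is what you want when asking which techniques (T1027, T1071.001 and T1105 recur across this page) show up in unrelated campaigns.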
Title: Bluekit Phishing as a Service (PhaaS)
Date: 2026-06-16
References:
https://www.cloudsek.com/blog/bluekit-phishing-as-a-service-phaas
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Vulnerability
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="tool-profile"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="CloudSEK"
mitre-attack-pattern=[]
MISP event uuid: cab18fbe-dd41-40ba-9768-7b2329c53e94
Cloudsek
Bluekit Phishing as a Service (PhaaS) | CloudSEK
BlueKit is turning phishing into a subscription business, offering 87 ready-made kits, automated account takeover and stealthy peer-to-peer infrastructure. CloudSEK's investigation reveals how this mature PhaaS platform helps even low-skilled criminals target…
Title: FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure
Date: 2026-06-17
References:
https://www.infostealers.com/article/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosure/
https://www.linkedin.com/feed/update/urn:li:activity:7471222472193830913/
https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8
Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: Data Breach
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP event uuid: 62d63a50-b78f-45df-98a9-da606487a500
InfoStealers
FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure
Title: ClickFix Campaign Generated Via AI Delivers SmartRAT
Date: 2026-06-17
References:
https://www.zscaler.com/blogs/security-research/clickfix-campaign-generated-ai-delivers-smartrat
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="from-original-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Zscaler"
• target-information="Brazil"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1543.003', 'T1082', 'T1071', 'T1106', 'T1005', 'T1140', 'T1036', 'T1055', 'T1185', 'T1112', 'T1059', 'T1497', 'T1059.001', 'T1566', 'T1027', 'T1070.004', 'T1518', 'T1569.002']
MISP event uuid: b8e89796-9b5f-440b-aa35-6426dd5ab953
Zscaler
AI Generated ClickFix Attack Delivers SmartRAT | ThreatLabz
ThreatLabz analyzes an AI generated ClickFix campaign that delivers SmartRAT.
Title: More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers
Date: 2026-06-17
References:
https://blog.xlab.qianxin.com/arystinger-botnet-hijacks-legacy-routers-for-global-attacks-en/
Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• target-information="China"
• target-information="Malaysia"
• target-information="Singapore"
• target-information="South Korea"
• target-information="Sweden"
mitre-attack-pattern=['T1543', 'T1082', 'T1071', 'T1190', 'T1021', 'T1016', 'T1087', 'T1090', 'T1059', 'T1083', 'T1049', 'T1057', 'T1027', 'T1573', 'T1095', 'T1505', 'T1071.001', 'T1136', 'T1018', 'T1046']
MISP event uuid: 65db42c9-e25b-479e-95cf-d21fd34c73ae
QiAnXin XLab (奇安信 X 实验室)
More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers
Background
On May 20, 2026, the Ministry of State Security's WeChat official account published an article "Your internet is slow, and the culprit turns out to be this!", highlighting that outdated routers are becoming a key entry point for threat actors…
Title: From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware
Date: 2026-06-17
References:
https://www.acronis.com/en/tru/posts/from-emerging-threat-to-top-tier-ransomware-as-a-service-the-evolution-of-inc-ransomware/
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="TA-profile"
• TA-category="Ransomware"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="8545fbf3-a246-4938-96a9-85a24651ebde"
• ransomware="inc ransom"
mitre-attack-pattern=['T1557', 'T1003', 'T1489', 'T1071', 'T1190', 'T1567', 'T1219', 'T1021.002', 'T1112', 'T1083', 'T1566', 'T1562.001', 'T1078', 'T1486', 'T1027.002', 'T1018', 'T1021.001', 'T1569.002', 'T1490']
MISP event uuid: 3b84c17c-e7c9-4b2f-89aa-2a39620d3f4c
Acronis
From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware
INC has evolved from an emerging ransomware-as-a-service (RaaS) operation into one of the most active ransomware groups in 2026, claiming more than 800 victims since 2023.
Title: 140+ npm Packages Compromised in Coordinated Supply Chain Attack
Date: 2026-06-17
References:
https://socket.dev/blog/mastra-npm-packages-compromised
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="37ebf9d7-5e9a-466f-a42c-6e60313db868"
mitre-attack-pattern=['T1132.001', 'T1059.007', 'T1543.003', 'T1497.001', 'T1082', 'T1005', 'T1140', 'T1185', 'T1555.003', 'T1083', 'T1057', 'T1041', 'T1547.001', 'T1027', 'T1195.002', 'T1543.001', 'T1070.004', 'T1071.001', 'T1543.002', 'T1547.013']
MISP event uuid: 79140557-e79d-42f1-ac42-9cfda99c9709
Socket
140+ Mastra npm Packages Compromised in Coordinated Supply C...
More than 140 Mastra npm packages were compromised in a supply chain attack that used a typosquatted dependency to deliver a cross-platform infosteale...
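The Mastra packages were reached through a typosquatted dependency, which is the kind of entry a lockfile review can catch before anything is installed. The check below is an added example, not Socket's tooling, and it does not use the real malicious package name (the page does not give it). SAMPLE_LOCK is a constructed npm lockfileVersion 3 fragment with two hypothetical lookalike names, "@mastra/c0re" and "lodsah", chosen to trip the checks; TRUSTED is an assumed allowlist standing in for whatever list or registry snapshot you keep.

```python
"""Flag lockfile dependencies that look like typosquats of trusted packages.

Added example, not Socket's tooling. SAMPLE_LOCK is a constructed npm
lockfileVersion 3 fragment; "@mastra/c0re" and "lodsah" are hypothetical
lookalike names, not the package from the incident. TRUSTED is an assumed
allowlist standing in for your own.
"""

TRUSTED = {"@mastra/core", "lodash", "express", "zod"}

SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},  # the root project itself
        "node_modules/@mastra/core": {
            "version": "0.1.0",
            "resolved": "https://registry.npmjs.org/@mastra/core/-/core-0.1.0.tgz",
        },
        "node_modules/@mastra/c0re": {  # hypothetical lookalike: zero in place of 'o'
            "version": "0.1.1",
            "resolved": "https://registry.npmjs.org/@mastra/c0re/-/c0re-0.1.1.tgz",
        },
        "node_modules/lodsah": {  # hypothetical lookalike: transposed letters
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodsah/-/lodsah-4.17.21.tgz",
        },
        "node_modules/zod": {
            "version": "3.22.4",
            "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.4.tgz",
        },
    },
}

def levenshtein(a, b):
    """Edit distance using the usual single-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lockfile_packages(lock):
    """Yield (name, version, resolved) for each installed package in a v2/v3 lockfile."""
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue
        # nested installs look like node_modules/a/node_modules/b; the name is the last segment
        name = path.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version"), meta.get("resolved")

def suspicious(lock, trusted=TRUSTED, max_distance=2, registry="https://registry.npmjs.org/"):
    """(name, version, reasons) for packages that are near-misses of trusted names,
    sit in a trusted scope without being allowlisted, or resolve outside the registry."""
    hits = []
    for name, version, resolved in lockfile_packages(lock):
        if name in trusted:
            continue
        reasons = []
        near = sorted(t for t in trusted if levenshtein(name, t) <= max_distance)
        if near:
            reasons.append(f"within {max_distance} edits of trusted {near}")
        scope = name.split("/", 1)[0] if name.startswith("@") else None
        if scope and any(t.startswith(scope + "/") for t in trusted):
            reasons.append(f"uses trusted scope {scope} but is not on the allowlist")
        if resolved and not resolved.startswith(registry):
            reasons.append(f"resolved outside {registry}: {resolved}")
        if reasons:
            hits.append((name, version, reasons))
    return hits
```

Edit-distance checks only catch lookalikes of names you already trust; they would not have caught the compromised Mastra packages themselves, whose names were legitimate. Pair them with integrity pins in the lockfile and a review of any resolved URL that points outside the registry you expect.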
Title: Okendo Reviews Supply Chain Attack
Date: 2026-06-18
References:
https://www.zscaler.com/blogs/security-research/smartapesg-launches-okendo-reviews-supply-chain-attack
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Zscaler"
mitre-attack-pattern=['T1053.005', 'T1047', 'T1204.002', 'T1566.002', 'T1082', 'T1140', 'T1059', 'T1218.005', 'T1059.001', 'T1547.001', 'T1027', 'T1573', 'T1195.002', 'T1203', 'T1071.001', 'T1059.005', 'T1105', 'T1204.001']
MISP event uuid: 2bed1cd7-b7d1-4eb0-b03f-9499f23ccc05
Zscaler
SmartApeSG Supply Chain Attack Targets Okendo | ThreatLabz
ThreatLabz identified a SmartApeSG-linked supply chain attack that targeted the Okendo Reviews widget impacting thousands of e-commerce sites.
Title: Operation Endgame vs. SocGholish Fake Updates
Date: 2026-06-18
References:
https://www.infoblox.com/blog/threat-intelligence/hot-take-operation-endgame-vs-socgholish/
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Infoblox"
• malpedia="FAKEUPDATES"
• threat-actor="GOLD PRELUDE"
mitre-attack-pattern=['T1053.005', 'T1033', 'T1132.001', 'T1059.007', 'T1069', 'T1204.002', 'T1082', 'T1036', 'T1087', 'T1583.003', 'T1083', 'T1547.001', 'T1027', 'T1567.002', 'T1518.001', 'T1189', 'T1071.001', 'T1584.001']
MISP event uuid: 0cb847d3-4247-4df8-990c-25e60867a1ce
Infoblox Blog
Operation Endgame vs. SocGholish Fake Updates
Nearly 55% of enterprises were exposed to SocGholish through compromised websites before Operation Endgame disrupted the malware actor connected to EvilCorp.
Title: Sayonara, SocGholish: Operation Endgame Disrupts Major Cybercrime Operation
Date: 2026-06-18
References:
https://www.proofpoint.com/us/blog/threat-insight/sayonara-socgholish-operation-endgame-disrupts-major-cybercrime-operation
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Proofpoint"
• target-information="United States"
• target-information="Australia"
• target-information="Canada"
• target-information="Germany"
• target-information="Netherlands"
• target-information="United Kingdom"
• malpedia="FAKEUPDATES"
• threat-actor="GOLD PRELUDE"
mitre-attack-pattern=['T1059.007', 'T1547', 'T1204.002', 'T1566.002', 'T1140', 'T1190', 'T1219', 'T1036', 'T1090.002', 'T1041', 'T1059.001', 'T1562.001', 'T1078', 'T1027', 'T1486', 'T1203', 'T1189', 'T1071.001', 'T1105', 'T1564.001']
MISP event uuid: cbbb0cbd-c005-4ce4-b14e-402de47bd176
Proofpoint
Sayonara, SocGholish: Operation Endgame Disrupts Major Cybercrime Operation | Proofpoint US
Key Findings Global law enforcement and private sector partners worked to disrupt activity related to TA569, as part of Operation Endgame. TA569 is one of the most prominent
Title: May 2026 Infostealer Trend Report
Date: 2026-06-17
References:
https://asec.ahnlab.com/en/94172/
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• sub-category="report"
• target="broad-based"
• samples-found-in="MalwareBazaar"
• samples-found-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="AhnLab"
• malpedia="Lumma Stealer"
• malpedia="Remus"
mitre-attack-pattern=['T1113', 'T1056.001', 'T1539', 'T1082', 'T1005', 'T1140', 'T1555', 'T1036', 'T1083', 'T1204', 'T1057', 'T1041', 'T1071.002', 'T1547.001', 'T1566', 'T1059.004', 'T1027', 'T1203', 'T1071.001', 'T1574.002']
MISP event uuid: 5c39093d-4670-4614-8a23-63442c98e015
ASEC
May 2026 Infostealer Trend Report - ASEC
May 2026 Infostealer Trend Report ASEC
Title: Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
Date: 2026-06-17
References:
https://www.trendmicro.com/en_us/research/26/f/claudeai-shared-chat-abused-in-malvertising.html
Rectifyq Taxonomies:
Relevancy: 🔴 Highly Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="infra-profile"
• topic="ai"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Trend Micro"
• target-information="British Indian Ocean Territory"
• target-information="France"
• target-information="Hong Kong"
• target-information="India"
• target-information="Italy"
• target-information="Japan"
• target-information="Malaysia"
• target-information="Singapore"
• target-information="Taiwan"
mitre-attack-pattern=['T1033', 'T1539', 'T1036.005', 'T1497.001', 'T1566.002', 'T1082', 'T1005', 'T1140', 'T1555', 'T1555.003', 'T1083', 'T1552.001', 'T1583.006', 'T1041', 'T1059.004', 'T1204.003', 'T1189', 'T1105', 'T1102.001']
MISP event uuid: f66d7792-44c8-4b5a-8f0e-7357bd8352cb
Trend Micro
Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai's own platform, turning the trusted domain into a delivery mechanism…
Title: GitBait: Phishing targeting the Mexican financial sector
Date: 2026-06-18
References:
https://www.group-ib.com/blog/gitbait-phishing-mexico-banking-finance-es/
Rectifyq Taxonomies:
Relevancy: ⚫ Not Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="Group-IB"
• target-information="Mexico"
• sector="Bank"
mitre-attack-pattern=[]
MISP event uuid: 10458e7b-10eb-4cde-8201-cf2cab6aef88
Group-IB
GitBait: Phishing targeting the Mexican financial sector (original title in Spanish: "GitBait: Phishing dirigido al sector financiero mexicano")
Title: Twitter Feed - nextronresearch - 17-06-2026
Date: 2026-06-18
References:
https://x.com/nextronresearch/status/2067230614424600844
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="malware-analysis"
• target="broad-based"
• TA-category="APT"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• target-information="India"
• threat-actor="SideCopy"
• threat-actor="Operation C-Major"
mitre-attack-pattern=['T1547', 'T1204.002', 'T1566.001', 'T1082', 'T1140', 'T1036', 'T1112', 'T1059.001', 'T1547.001', 'T1027', 'T1027.002', 'T1071.001', 'T1105', 'T1204.001']
MISP event uuid: d76f1307-3376-49af-bc2c-bc11d8e6c5df
X (formerly Twitter)
Nextron Research ⚡️ (@nextronresearch) on X
Same actor, new lure. This SideCopy (APT36) chain swaps the military briefing for a fake "Minutes Of Meeting" Word doc
Identical playbook: a double-extension Minutes Of Meeting.docx.lnk fires a PowerShell stager (pdfdocs.bat) from a nested pdfdocs\ folder…
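The chain in this tweet rests on two tells that are cheap to check before anything is opened: a double extension that hides the real file type behind a document one, and a script staged in a nested folder. The triage script below is an added example, not part of the tweet or of Nextron's tooling. It builds a constructed ZIP in memory that mimics the described layout (a "Minutes Of Meeting.docx.lnk" beside pdfdocs/pdfdocs.bat), flags those tells, and also checks whether a member really carries the MS-SHLLINK header (HeaderSize 0x4C followed by the Shell Link CLSID). The stager body is a placeholder and the extension lists are my own assumptions.

```python
"""Triage an archive for the SideCopy-style lure described in the tweet above.

Added example, not the tweet's or Nextron's code. build_sample_zip() makes a
constructed ZIP mimicking the described layout: a double-extension
"Minutes Of Meeting.docx.lnk" next to a nested pdfdocs/pdfdocs.bat. The LNK
member carries only a valid 76-byte MS-SHLLINK header, no real target.
"""
import io
import zipfile

# MS-SHLLINK: HeaderSize 0x0000004C, then LinkCLSID {00021401-0000-0000-C000-000000000046}
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
LNK_HEADER_SIZE = 0x4C
# Assumed lists: document-looking extensions, and extensions Windows will execute.
DOC_EXTS = {"docx", "doc", "pdf", "xlsx", "pptx", "txt", "jpg", "png"}
EXEC_EXTS = {"lnk", "exe", "scr", "bat", "cmd", "ps1", "vbs", "js", "hta", "com", "pif"}
SCRIPT_EXTS = {"bat", "cmd", "ps1", "vbs", "js", "hta"}

def classify_name(name):
    """Findings derived from an archive member's name alone."""
    findings = []
    path = name.replace("\\", "/")
    base = path.rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    if len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DOC_EXTS:
        findings.append(f"double-extension masquerade: {base} "
                        f"(looks like .{parts[-2]}, runs as .{parts[-1]})")
    if "/" in path and parts[-1] in SCRIPT_EXTS:
        findings.append(f"script staged in subfolder: {path}")
    return findings

def is_shell_link(head):
    """True if the bytes start with a genuine Shell Link header."""
    return head[:len(LNK_MAGIC)] == LNK_MAGIC

def triage_zip(blob):
    """Run name checks and header checks over every file in a ZIP held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings.extend(classify_name(info.filename))
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if is_shell_link(head):
                kind = "genuine" if info.filename.lower().endswith(".lnk") else "hidden"
                findings.append(f"{kind} Shell Link header: {info.filename}")
    return findings

def build_sample_zip():
    """Constructed sample, not a real SideCopy artefact."""
    lnk = LNK_MAGIC + b"\x00" * (LNK_HEADER_SIZE - len(LNK_MAGIC))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Minutes Of Meeting.docx.lnk", lnk)
        zf.writestr("pdfdocs/pdfdocs.bat", b"@echo off\r\n")  # placeholder stager body
        zf.writestr("pdfdocs/readme.txt", b"benign filler")
    return buf.getvalue()
```

The header check only confirms that the member is a Shell Link; pulling out the target path and arguments (where the PowerShell command line would sit) needs a full MS-SHLLINK parser. Run it on real samples only inside an isolated analysis VM.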
Title: Klue Integration Abused in Salesforce Data Theft | Threat Spotlight
Date: 2026-06-17
References:
https://reliaquest.com/blog/threat-spotlight-integration-abused-in-crm-data-theft
Rectifyq Taxonomies:
Relevancy: 🔵 Potentially Relevant
Category: Threat
• mitre-att&ck="none-from-src"
• mitre-att&ck="from-OTX"
• sub-category="campaign-analysis"
• topic="supply-chain"
• target="broad-based"
• no-samples-in="MalwareBazaar"
• no-samples-in="Tria.ge"
• action-taken="VT-comment"
MISP Galaxies:
• producer="ReliaQuest"
mitre-attack-pattern=['T1213.002', 'T1119', 'T1530', 'T1106', 'T1567', 'T1087', 'T1102', 'T1528', 'T1041', 'T1078', 'T1567.002', 'T1059.006', 'T1213', 'T1071.001', 'T1550.001']
MISP event uuid: eb6c5ce1-e012-43a3-abcd-737099a4de83
ReliaQuest
Klue Integration Abused in Salesforce Data Theft | ReliaQuest Threat Spotlight
Attackers had 24 hours of bulk CRM extraction through a compromised Klue integration. Learn what steps you need to take to revoke, hunt, and lock down access immediately.