#APT_Digital_Weapon.We have categorized #IOCs, mostly #APT related, from public resources and sample details are available on #VT. The #GitHub project will keep updated and hope to help the security community fight against malware and targeted attack.

3ef7717c8bcb26396fc50ed92e812d13 (run.vbs).983a8a6f4d0a8c887536f5787a6b01a2 (shell.bat).b52e105bd040bda6639e958f7d9e3090 (main.js).6175efd148a89ca61b6835c77acc7a8d (drvUpdate.exe).

#APT #Lazarus uses ClickFix technique to deliver malware with disguised name of Nvidia. f9e18687a38e968811b93351e9fca089.a4e58b91531d199f268c5ea02c7bf456. hxxps://driverservices.store/visiodrive/nvidiaRelease.zip.hxxp://45.159.248.110.103.231.75.101:8888

#APT #Bitter targets Iraqi-Sri Lanka Committee.docx --> dotm --> VBA.4e87283dcc6b2e22edba7bc8aab290cf ("Meetings of the nineteenth session of the Iraqi-Sri Lanka Committee.docx").f0246943f8fd24a7e5df9aa1776849d0 ("DesignTemplate.dotm"). hxxps://glamormusicwave.com

"Mimo" Gang used #Sharepoint #ToolShell to deliver "4l4md4r" #ransomware, which is written in Go language and contains religious-style function names. Report:

Brief analysis of Chrome vuln #CVE-2025-6554, which was exploited in the wild.

中文版报告：

To improve threat intelligence sharing, we've released a detailed report on #APT group #NightEagle (APT-Q-95), including analysis of a novel malware, additional #IOCs, and full documentation of the Exchange attack chain. report：

At the recently held CYDES 2025, we disclosed #APT group #NightEagle (APT-Q-95). This threat group has been targeting high-tech industries for a long time, including chip semiconductors, AI/GPT and other fields. Actors used an unknown Exchange exploit chain. PPT: #IOCs #APT

#APT #Kimsuky.7ec88818697623a0130b1de42fa31335 (dropper, with digital signature "CJ Olivenetworks Co., Ltd").580d7a5fdf78dd3e720b2ce772dc77e9 (dll, "C:\\Users\\Public\\config.dat"). hxxp://gsegse.dasfesfgsegsefsede.o-r.kr/login.php (162[.220.11.186)

#APT #APT-Q-12.APT-Q-12 has exploited a #0day existing in the Foxmail Windows client in recent campaign and we reported it to Tencent immediately. Now the vuln has been fixed and Windows users are suggested updating to latest version 7.2.25 (2025-03-28).

the link of report updated:

IOC (2/2).C2：.overbridgenet[.com (OpenDNS Top1M).calnor[.info.klymos[.info.infird[.com.infirc[.com.xerogala[.com.svdred[.com.cachedclr[.com. MD5:.40210f065e82d06b364f56c9ab4efdcd.a4aa475e2309f05ac83d8289b4604cbd.1c6271c9bd6281b06965ca780b292e65.ebee140bdb9f1f80597cdea66860e1b6.

#Malware.🚨 Alert! Cyber criminal uses malicious browser extension (dubbed as "GhostExtension") to hijack searching results and E-commerce links. *Millions* of endpoints are affected. (1/2).

#APT #Patchwork targets Nepal with Spyder malware.dcd38befbaff3b153c40cd9c2858e72a.myprivatedrives[.]com. hxxp://myprivatedrives.com/ticket_line/openai.php.hxxp://myprivatedrives.com/ticket_line/certificate.php

#APT #CNC #UTG-Q-011.Recent espionage campaign operated by threat actors from South Asia targets Chinese scientific research in the maritime and other fields.

PDF (Chinese) is available: .

QiAnXin 2024 Cyber Threat Annual Report is released. Like 2024 H1 report, contents cover APT, ransomware, cybercrime and vulnerabilities exploited in the wild.

Malware seems from #APT #Donot.893561ff6d17f1e95897b894dde29a2a.hxxps://totalservices.info/WxporesjaTexopManor/ptomekasresdkolertys

#APT #OceanLotus: memory plug-ins and espionage purpose in latest years.

Thanks to the intelligence from Clément Lecigne of Google's Threat Analysis Group just now. The github project of the vulnerability: