StrikeReady Labs
@strikereadylabs.com
https://strikeready.com/blog.html
Download live malware samples mentioned here: https://github.com/StrikeReady-Inc/samples
If you prefer marketing (our product is great!) subscribe to our main page @strikeready.com
strikereadylabs.com
this #dailyphish may look like #apt, but it is actually 419-style scammers
strikereadylabs.com
Thx greg! If any home gamers are looking to test your JS deobfuscation skills on a lazy friday, grab the samples here: github.com/StrikeReady-...
strikereadylabs.com
Quite a bit of CN APT activity in europe in the past week

strikeready.com/blog/cn-apt-...

As always, if you're interested in tuning your skills, download the samples here github.com/StrikeReady-...
CN APT targets Serbian Government
Mustang Panda continues targeting European governments
strikeready.com
strikereadylabs.com
bb491248bb8f6067af39e196b11f4e408a7a3885704cadbd4266db52ae4b03e2
Agenda_Meeting 26 Sep Brussels\.zip #china #apt
e53bc08e60af1a1672a18b242f714486ead62164dda66f32c64ddc11ffe3f0df
c2 racineupci\.org
strikereadylabs.com
Decoy tracking is a great indicator for potentially interesting payloads --- decoys that contain 'defence' or 'nato' related keywords have paid dividends for many years
218ed813d8a4d9d05473338795021c66012cd6c36368561d3aaf831a5c494740
utensils\.zip
cseconline[.]org
strikereadylabs.com
blocking vt via htaccess ... pretty good indicator that you may not be up to any good ....
strikereadylabs.com
interesting use of @vercel.com for today's #dailyphish
mscsharepoint[.]vercel[.]app/?email=[]
strikereadylabs.com
seeing approximately a million of these #dailyphish today
strikereadylabs.com
south asian threat actor continuing to target Nepal, this time by leveraging personas involved in their ongoing civil unrest
apks
playservicess[.]com/Emergency_Help.apk
playservicess[.]com/Gen_Ashok_Sigdel_Live.apk
strikereadylabs.com
interesting #dailyphish .. send them a message talking about a previously sent password protected pdf (that wasn't ever sent), to get the person to reach out and ask for the malicious file
strikereadylabs.com
#apt #ru gamaredon 9a95ba01961c0ae96047c2145978da04899975b1d6eeae6f3b2ccd124ad45bba
2-1180-25_03.06.2025.html
strikereadylabs.com
Fișa de facturare pentru al doilea trimestru.doc
15c9203b107020b0b7b70a04c0268c83
moldova submitters often give interesting threads to pull on...
strikereadylabs.com
new format from our .desktop friends, made famous by ZS researchers

Proposal_Posting_of_Offrs_to_RMC_Mumbai.pdf.desktop
0a671f5849a24aceb605d41dcb607230
strikereadylabs.com
one thing that stuck out was the high number of typos in target domain names in the emails we saw. "orderofimalta" vs "orderofmalta", "mofa.ye[.]org" vs "mofa-ye", etc. either a lot of manual copy/pasta or maybe bad ocr?

also saw .IR targeting which is spiderman.gif, if i understood your attrib
strikereadylabs.com
large trawling campaign against MFAs - specifically reps to Egypt

Online Seminar.FM.gov.om.doc
Online Seminar.MFA.gov.ct.tr.doc
pivot:
DPR for dredging in FreeSpan_16082025.2.doc

c2 screenai[.]online
3ab16bd1c339fd0727be650104b74dd1
1de19958e7c2ef14addfb35b43a594ec
e73ba93d008affdc4cce0cb4e18ae5c6
strikereadylabs.com
Fun to collab with Pham Duy Phuc at Trellix on this research into DPRK's recent embassy phishing campaigns. Although other novel vectors get the headlines, Email is still a major component of most APT groups.
www.trellix.com/blogs/resear...
strikereadylabs.com
A South Asian APT has been persistently targeting Sri Lanka, Bangladesh, Pakistan, and Turkey. This post walks through how to pivot from the well-publicized phishing infrastructure to expose APK tooling that compromised members of the military of Asian countries.

strikeready.com/blog/apt-and...
APT: Android, Phishing, microsoft
A South Asian APT has been persistently targeting Sri Lanka, Bangladesh, Pakistan, and Turkey. This post walks through infrastructure and malware pivots to expose novel tooling that compromised the p...
strikeready.com
strikereadylabs.com
who doesn't love a phish with a <marquee> tag?
dgdppakistan.securecloudfilesdownload[.]com
strikereadylabs.com
Learn to hunt: oddball file extensions + frequency analysis. Today we see an Indian APT leveraging "ProgressReport.jse.xz" to target Sri Lanka, and a Russian APT using "Щодо фактів отримання неправомірної вигоди 2-1273-2025_12.08.2025.HTA.BZ2" to target UKR
github.com/StrikeReady-...
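An added example (not StrikeReady's code) of the extension frequency analysis the post above describes: it reduces each filename to its trailing extension chain, counts the chains across a corpus, and returns the ones that are rare. The three named files come from posts on this page; the benign filenames, the `max_share` threshold and the `ACTIVE_EXTS` list are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Assumption: extensions that run code when opened (not a complete list).
ACTIVE_EXTS = {"js", "jse", "vbs", "hta", "wsf", "lnk", "desktop"}
# An extension token is short, alphanumeric and contains at least one letter,
# so date fragments such as "08" or "2025" are not mistaken for extensions.
EXT_TOKEN = re.compile(r"^(?=.*[a-z])[a-z0-9]{1,8}$")

def ext_chain(filename, depth=2):
    """Trailing extension chain, lower-cased: 'x.HTA.BZ2' -> 'hta.bz2'."""
    tokens = filename.lower().split(".")[1:]  # drop the stem
    chain = []
    for tok in reversed(tokens):
        if len(chain) == depth or not EXT_TOKEN.match(tok):
            break
        chain.insert(0, tok)
    return ".".join(chain)

def rare_chains(filenames, max_share=0.05):
    """Return {chain: [filenames]} for chains seen in <= max_share of files."""
    by_chain = defaultdict(list)
    for name in filenames:
        by_chain[ext_chain(name)].append(name)
    total = len(filenames)
    return {c: names for c, names in by_chain.items()
            if c and len(names) / total <= max_share}

def runs_code(chain):
    """True when any part of the chain is a code-executing extension."""
    return any(part in ACTIVE_EXTS for part in chain.split("."))

# Constructed corpus: benign names are invented, the last three are from the page.
SAMPLE = (
    [f"report_{i}.pdf" for i in range(40)]
    + [f"invoice_{i}.docx" for i in range(30)]
    + [f"photos_{i}.zip" for i in range(20)]
    + [f"backup_{i}.tar.gz" for i in range(6)]
    + ["ProgressReport.jse.xz",
       "Щодо фактів отримання неправомірної вигоди 2-1273-2025_12.08.2025.HTA.BZ2",
       "Proposal_Posting_of_Offrs_to_RMC_Mumbai.pdf.desktop"]
)

if __name__ == "__main__":
    for chain, names in sorted(rare_chains(SAMPLE).items()):
        print(f"{chain:12} active={runs_code(chain)} {names}")
```

A legitimate double extension such as `tar.gz` stays above the threshold in this corpus and is not returned, which is the point of counting rather than matching on "two extensions".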
strikereadylabs.com
Something tells me this isn't the real Trusteer
ibmtrusteermobile[.]com/Down/IBMtrusteermobile.apk