Operation XENOFISCAL: SideCopy deploying persistent XenoRAT targeting the MoF, Afghanistan

SideCopy APT, a Pakistan-linked threat group under the Transparent Tribe umbrella, executed a targeted spear phishing campaign against Afghanistan's Ministry of Finance and provincial revenue directorates. The attack begins with a Pashto-language LNK file disguised as a staff directory document, which executes mshta.exe to fetch remote HTA payloads from compromised Afghan education infrastructure. The multi-stage chain deploys obfuscated JavaScript, establishes registry-based persistence mimicking Microsoft Edge, and ultimately delivers XenoRAT 1.8.7 beaconing to bulletproof Bulgarian hosting. The campaign demonstrates precise knowledge of target administrative context, using Dari and Pashto decoy documents listing provincial finance officials with direct contact information. Infrastructure analysis reveals deliberate staging within Afghan government IP space and C2 infrastructure overlapping with previous SideCopy operations.

Pulse ID: 6a196f2fd88de848b913e4da
Pulse Link: https://otx.alienvault.com/pulse/6a196f2fd88de848b913e4da
Pulse Author: AlienVault
Created: 2026-05-29 10:49:19

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Afghanistan #Bulgaria #CyberSecurity #Edge #Education #Government #InfoSec #Java #JavaScript #LNK #Microsoft #MicrosoftEdge #Mimic #OTX #OpenThreatExchange #Pakistan #Phishing #RAT #SideCopy #SpearPhishing #TransparentTribe #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Mermay 2026 day 29

Mimic, yet another one hehe. They’re my favorite monster, after dragon quest slimes!

#mermay #mermaid #mermay2026 #watercolor #mimic

Mermay 2026 day 28

This is a ttrpg character of mine, named Cecil. He’s a mimic with a human (and apparently mermaid) form! He has burn scars across his body.

#mermay #mermaid #mermay2026 #watercolor #mimic

Mimic Chest Character Set | 3D Creatures | Unity Asset Store

Elevate your workflow with the Mimic Chest Character Set asset from Nephilite Studios. Find this & other Creatures options on the Unity Asset Store.

Inside a Tor Backed Supply Chain Worm

A sophisticated npm supply chain attack was uncovered involving the typosquatted package crypto-javascri, designed to mimic the legitimate crypto-js library. The malware harvests npm and GitHub credentials from infected systems, hijacks maintainer accounts, and automatically republishes trojanized versions of packages under trusted identities. The final payload incorporates a weaponized Arti Tor client with credential theft, cryptomining capabilities, privilege escalation via SUID exploitation, and systemd-based persistence mechanisms. The campaign specifically targets Linux developer systems and CI/CD environments, using Tor-based command-and-control infrastructure to maintain anonymity and resilience. The attack creates significant downstream supply chain risk through its worm-like propagation model.

Pulse ID: 6a0d970b3015e77563f4a9fa
Pulse Link: https://otx.alienvault.com/pulse/6a0d970b3015e77563f4a9fa
Pulse Author: AlienVault
Created: 2026-05-20 11:12:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CryptoMining #CyberSecurity #GitHub #InfoSec #Java #Linux #Malware #Mimic #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #SupplyChain #Trojan #Worm #bot #AlienVault

#TrumpSpeak #FWakeTrumpSpeak

1. Prophet #Muhammad played a crucial role in standardization and spread of #Arabic language. The Quran... language global

2. #TrumpThePoet People in USA program their minds to #mimic #Trumpisms - cult mocking.

3. Mocking is not removing.

#TrumpMythos #FWakeTrumpMythos /\

If you see this while you're looting an old library, you might be in trouble...

Digital art, Procreate.

#mimic #gamer #dnd #art #muirin_art

During our troupe's 20th birthday celebrations last weekend, one of our earliest Players of the Patchwork Julie got to meet Chest E. Cognito, one of our newest {definitely-not-a-Mimic} characters!

What's a little light nomming amongst friends? 😁

#CommediaDellArte #Commedia #Improv #Improvisation #Theater #DnD #Mimic #Nom #NomNomNom #Birthday