Threats Tagged 'xploitspy'
View all threats tagged with 'xploitspy'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'xploitspy'
Click on any threat for detailed analysis and mitigation recommendations
Attack on *stan: Your malware, my C2 0 A suspected state-affiliated threat actor has been targeting Kazakh and Afghan entities in a persistent campaign since at least August 2022. The attackers use a Windows-based RAT called KazakRAT, which allows for payload downloads, host data collection, and file exfiltration. The malware is delivered via .msi files and persists using the Run registry key. C2 communications are unencrypted over HTTP. The campaign also utilizes modified versions of XploitSpy Android spyware. Multiple KazakRAT variants have been observed with minor command-set changes. Victim targeting includes government and financial sector entities, particularly in Kazakhstan's Karaganda region. The operation shows low sophistication but high persistence, with similarities to APT36/Transparent Tribe activities. Join the discussion | AlienVault OTX General | 01/30/2026, 08:19:02 UTC Added: 01/30/2026, 08:43:08 UTC |
Showing 1 to 1 of 1 result