NYX//OPS v4.21.7
LINK ACTIVE // SOC-3 // CLEARANCE: ORANGE
UTC 00:00:00.000 UPTIME 412d 06:21 FEEDS 147/147 THREAT ELEVATED analyst@k.morrow
[01] GLOBAL SIGNAL SEISMOGRAPH

// 8-CHANNEL // T-300s ← T+0
● 3 ACTIVE EVENTS ● 12 WARN ● 84 NOMINAL REFRESH 250ms
[02] ENGAGEMENT GEOGRAPHY
MERCATOR · LIVE
50.45°N 30.52°E 39.90°N 116.40°E
LAT: +47.3829
LON: −112.0044
6 SITES · 3 HOT
CURRENT OPERATIONS
06 ACTIVE
OP: AMPHISBAENIA RU/EE T+18:42:11
OP: BASILISK-VEIN CN/TW T+04:11:50
OP: COLDSTAR-9 KP/KR T+72:08:34
OP: DEAD-RECKONING IR/SA T+09:55:02
OP: EMBER-FANG US/MX T+02:47:19
OP: FELL-DICTUM RU/UA T+00:12:48
[03] LIVE EVENT FEED STREAMING
FILTER: ALL · ~2.4k evt/min
Timestamp (UTC) Hash Sev Vector / Source CC
[04] ANALYST BULLETINS
04 NEW
// CRITICAL BLT-44A1

Suspected APT-29 staging via compromised Helsinki CDN edge.

Three distinct payload variants exfiltrating through DoH tunnels. Signature drift <0.4% from CozyBear baseline. Recommend immediate IOC distribution to T1+T2 clients.

@febrifuge 14:22:08 UTC
// WARNING BLT-44A0

Dark-pool chatter spike re: zero-day in libxml2 (CVE pending).

Russian-language forum BLACKHOLE.SX posting fragmentary PoC. Cross-corroborated via TG channel @gh0st_proto. Patch posture: none upstream.

@squabble 14:18:51 UTC
// INFO BLT-449F

Honeypot HX-12 caught novel SSH brute variant. Sample preserved.

Attack origin: bulletproof ASN 47890 (NL). Dictionary suggests insider list — 71% hit rate on rotated creds <30 days old.

@vellichor 14:09:33 UTC
// CRITICAL BLT-449E

Supply-chain: poisoned package "uv-async-poll" v2.1.4 on NPM.

Postinstall script pulls stage-2 from kasvik[.]xyz. ~14k weekly downloads. Maintainer account confirmed compromised via session-token theft.

@hexenring 13:54:11 UTC
M01 MEAN TIME TO DETECT: 47s (−12%) ▼ improving
M02 MEAN TIME TO CONTAIN: 11m (+04%) ▲ rising
M03 HONEYPOT HIT RATE: 80% (2,147 hits) ● steady
M04 DARK-WEB CHATTER INDEX: 8.8 /10 idx ▲▲ critical
▣ APT29 ▸ HELSINKI EDGE BREACH ▸ CONFIDENCE 0.91 ▣ NPM uv-async-poll v2.1.4 ▸ QUARANTINED ▣ CVE-2024-PENDING ▸ libxml2 ▸ NO PATCH ▣ HONEYPOT HX-12 ▸ NOVEL SSH VARIANT ▣ DARKWEB IDX ▸ 8.8 ▸ +0.4 ▣ MTTC ▸ DRIFT +4% ▸ INVESTIGATE ▣ KP-LAZARUS ▸ SWIFT NODE PROBE ▸ BLOCKED ▣