IOC Radar
TLP:WHITE1 IOC

The Good, the Bad and the Ugly in Cybersecurity – Week 23

SB
SentinelOne Blog
Published June 5, 2026Original Report

Threat Actors

Malware Families

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYRoyalTA4922INFRASTRUCTUREunknownCAPABILITYMETA StealerRoyalVICTIMunknown
Adversary(2)
Infrastructure
Capability(2)
Victim

Attack Flow7 steps · MITRE ATT&CK mapped

Initial AccessTA0001·T1566
1/7
Phishing
ActionLaunch phishing campaigns
TA4922 launches credential phishing campaigns using lures related to human resources, corporate taxation, and invoices.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise1

TypeIndicatorConfidenceScoreFirst Seen
CVECVE-2026-0257
aptespionageexploit
High
62
Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph1 total IOCs
CVE
CVE1Actors2Malware2REPORTThe Good, the Bad and the RoyalTA4922META StealerRoyal
scroll to zoom · drag to pan · click IOC to open