StealthMole

StealthMole is a cyber threat intelligence company

26/05/2026

What initially appeared as a separate ransomware operation eventually revealed links to Eraleign (APT73) through infrastructure overlaps, Telegram activity, and leak site analysis.

Watch the full StealthMole webinar investigation here:
https://youtu.be/v4QTzIs_uw0

26/05/2026

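This 21st OSINT Intelligence Expert Course differs from previous sessions in one fundamental way.

We have redesigned all of Day 3 around ‘AI-based OSINT’.

From LLM-driven collection automation to intelligence reports written with generative AI, it covers workflows you can use in the field right away.

📅 June 30 (Tue) to July 2 (Thu), 2026
📍 GMD SOFT Academy, VENTI Room (Pangyo)

【Day 1】 OSINT fundamentals and core techniques
【Day 2】 Advanced data collection and dark web analysis with StealthMole
【Day 3】 AI-based OSINT scenarios and intelligence report writing

🎁 Special benefits for participants
· 1-month StealthMole platform license (worth USD 5,000)
· 1-year online training subscription
· Networking opportunities with industry experts

💡 20% discount for Early Bird registration in May
👥 Small-group format (limited seats)

Registration and inquiries: [email protected]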

21/05/2026

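“OSINT is not a tool but a way of thinking.”

This is the sentence we return to most often while preparing the training. No matter how much data there is, without the ability to connect it and reason from it, it is only noise. That is why, when we design the training, what we think hardest about is not ‘which tools to teach’ but ‘which flow of thinking to leave behind’.

This 21st OSINT Intelligence Expert Course adds one more piece on top of that flow of thinking: ‘how AI blends into the OSINT workflow’. To that end, we have redesigned all of Day 3 as AI-based OSINT scenarios.

Experience practice-oriented workflows that you can put to use on the job right away, from LLM-based collection automation to generative AI report writing.

📅 Dates: June 30 (Tue) to July 2 (Thu), 2026 (3 days)
📍 Venue: GMD SOFT Academy, VENTI Room (Pangyo)

[Curriculum]
• Day 1: OSINT fundamentals and core techniques
• Day 2: Advanced data collection and dark web analysis with StealthMole
• Day 3: AI-based OSINT scenarios and intelligence report writing

🎁 Special benefits for participants
• 1-month StealthMole platform license (worth USD 5,000)
• 1-year online training subscription
• Networking opportunities with industry experts

💡 [May only] 20% discount for Early Bird registration!
👥 The course runs as a small group, so registration may close early.

📩 Register: https://www.stealthmole.com/training/osint-training

Inquiries: [email protected]

#SecurityTraining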

20/05/2026

𝟮 𝗵𝗼𝘂𝗿𝘀 𝗹𝗲𝗳𝘁 𝘂𝗻𝘁𝗶𝗹 𝗼𝘂𝗿 𝗹𝗶𝘃𝗲 𝗕𝗔𝗦𝗛𝗘 𝘄𝗲𝗯𝗶𝗻𝗮𝗿 𝗯𝗲𝗴𝗶𝗻𝘀.

What started as a ransomware leak site investigation eventually uncovered infrastructure overlaps, Telegram activity, and operational links connected to Eraleign (APT73).

𝗙𝗿𝗼𝗺 𝗘𝗿𝗮𝗹𝗲𝗶𝗴𝗻 𝘁𝗼 𝗕𝗔𝗦𝗛𝗘: 𝗜𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗻𝗴 𝘁𝗵𝗲 𝗘𝘃𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗼𝗳 𝗮 𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗢𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻

📅 Today, May 20, 2026
⏰ 4:00 PM SGT (GMT+8)
📍 Live on Zoom Webinar

✔ Infrastructure & leak site analysis
✔ Telegram & ransomware ecosystem investigation
✔ Live StealthMole demo

👉 Register here: https://us06web.zoom.us/webinar/register/WN_567M6O9CSy-SwS5ePX7KrA

🎁 Stay until the end for a chance to join our live lucky draw

20/05/2026

𝗕𝗔𝗦𝗛𝗘 𝗹𝗼𝗼𝗸𝗲𝗱 𝗹𝗶𝗸𝗲 𝗮𝗻𝗼𝘁𝗵𝗲𝗿 𝗿𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗹𝗲𝗮𝗸 𝘀𝗶𝘁𝗲 𝗮𝘁 𝗳𝗶𝗿𝘀𝘁 𝗴𝗹𝗮𝗻𝗰𝗲.
But the investigation uncovered something much bigger 👀

From Telegram activity and mirror domains to the unexpected connection with 𝗔𝗣𝗧𝟳𝟯 and 𝗘𝗿𝗮𝗹𝗲𝗶𝗴𝗻, the findings revealed how ransomware operations evolve while keeping their infrastructure and ecosystem alive.

We’ve now turned the investigation into a full intelligence breakdown on YouTube, combining infrastructure analysis, Telegram tracking, and insights uncovered through the StealthMole platform.

🎥 Watch the full investigation here: https://youtu.be/8AimTOnTQJo

𝗔𝗹𝘀𝗼, 𝗼𝘂𝗿 𝗕𝗔𝗦𝗛𝗘 𝘄𝗲𝗯𝗶𝗻𝗮𝗿 𝗶𝘀 𝗵𝗮𝗽𝗽𝗲𝗻𝗶𝗻𝗴 𝘁𝗼𝗱𝗮𝘆.
We’ll be walking through the investigation process and key findings in more detail live.

🟢 If you haven’t registered yet, there’s still time to join: https://us06web.zoom.us/webinar/register/WN_567M6O9CSy-SwS5ePX7KrA

18/05/2026

𝟯 𝗱𝗮𝘆𝘀 𝘁𝗼 𝗴𝗼 𝗳𝗼𝗿 𝗼𝘂𝗿 𝘂𝗽𝗰𝗼𝗺𝗶𝗻𝗴 𝗿𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗶𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗼𝗻 𝘄𝗲𝗯𝗶𝗻𝗮𝗿.

A ransomware operation changed its branding. The infrastructure didn’t.

In this session, we’ll walk through how BASHE was connected to Eraleign (APT73) through dark web infrastructure, Telegram activity, and ransomware ecosystem analysis.

📅 Wednesday, May 20, 2026
⏰ 4:00 PM SGT (GMT+8)

✔ Live dark web investigation walkthrough
✔ Threat actor infrastructure analysis
✔ Telegram & ransomware ecosystem tracking

👉 Save your spot: https://us06web.zoom.us/webinar/register/WN_567M6O9CSy-SwS5ePX7KrA

🎁 Stay until the end for a chance to win our live lucky draw

18/05/2026

Started with a 𝘀𝗶𝗻𝗴𝗹𝗲 𝗖𝗵𝗶𝗻𝗲𝘀𝗲-𝗹𝗮𝗻𝗴𝘂𝗮𝗴𝗲 onion site.
Ended up 𝘂𝗻𝗰𝗼𝘃𝗲𝗿𝗶𝗻𝗴 𝗮𝗻 𝗲𝗻𝘁𝗶𝗿𝗲 𝗲𝗰𝗼𝘀𝘆𝘀𝘁𝗲𝗺 built around mirrors, Telegram coordination, and rotating infrastructure 👀

What first looked like a standalone marketplace quickly expanded into something much bigger through StealthMole’s investigation.

The platform known as “𝗙𝗿𝗲𝗲 𝗖𝗶𝘁𝘆” wasn’t just operating through one hidden service. Multiple onion mirrors, Telegram channels, admin accounts, and automated bots were all working together to keep the ecosystem active and visible even as domains changed over time.

🕸️ Multiple mirrored onion domains tied to the same marketplace ecosystem
💬 Telegram channels handling announcements, tutorials, and operational coordination
🤖 Automated bot activity supporting promotion and community engagement
🧩 Escrow services, underground trading, and region-based marketplace structures all connected through the same network

What stands out most is how underground marketplaces are evolving.
It’s no longer just about a single darkweb site. The infrastructure now lives across interconnected platforms designed for persistence and resilience 🔎

Read the full report: https://stealthmole-intelligence-hub.blogspot.com/2026/05/mirrors-of-free-city-investigating.html

15/05/2026

What looked like a new ransomware operation started pointing to an older identity.

Join our upcoming webinar:
𝗙𝗿𝗼𝗺 𝗘𝗿𝗮𝗹𝗲𝗶𝗴𝗻 𝘁𝗼 𝗕𝗔𝗦𝗛𝗘: 𝗜𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗻𝗴 𝘁𝗵𝗲 𝗘𝘃𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗼𝗳 𝗮 𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗢𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻

During this live session, we’ll walk through how infrastructure overlaps, Telegram activity, and leak site analysis helped uncover connections between 𝗕𝗔𝗦𝗛𝗘 and 𝗘𝗿𝗮𝗹𝗲𝗶𝗴𝗻 (𝗔𝗣𝗧𝟳𝟯) using StealthMole.

📅 Wednesday, May 20, 2026
⏰ 4:00 PM SGT (GMT+8)
📍 Live on Zoom Webinar

✔ Infrastructure & ransomware ecosystem analysis
✔ Dark web investigation walkthrough
✔ Live StealthMole demo

👉 Register now: https://us06web.zoom.us/webinar/register/WN_567M6O9CSy-SwS5ePX7KrA

13/05/2026

Started from one onion domain. Ended up uncovering an entire marketplace ecosystem 👀

At first, it looked like another dark web storefront selling the usual mix of illicit products. But after digging deeper through StealthMole, the connections started stacking up fast.

What surfaced was a network tied to both 𝗖𝗮𝗿𝘁𝗲𝗹 𝗠𝗮𝗿𝗸𝗲𝘁 and 𝗗𝗮𝗿𝗸 𝗪𝗲𝗯 𝗦𝘁𝗼𝗿𝗲, with overlapping infrastructure, mirrored onion domains, recurring contact patterns, and connected Telegram promotion channels.

🕸️ Multiple linked onion domains reusing the same layouts and assets
💬 Shared email patterns and Telegram identities across marketplaces
₿ Distributed Bitcoin wallets supporting the same operational network
📣 External promotion channels extending visibility beyond the dark web itself

What makes cases like this interesting isn’t the marketplace alone.
It’s seeing how these operations quietly evolve, rebrand, and keep moving without really disappearing 🔎

Explore the full report: https://stealthmole-intelligence-hub.blogspot.com/2026/05/dark-web-store-rebranded-tracking.html

11/05/2026

𝗕𝗔𝗦𝗛𝗘 has increasingly appeared across ransomware monitoring channels over the past year, linked to leak sites, affiliate activity, and victim disclosures across multiple regions. But behind the current branding, several indicators began pointing toward an older identity: 𝗘𝗿𝗮𝗹𝗲𝗶𝗴𝗻 (𝗔𝗣𝗧𝟳𝟯).

In our upcoming webinar, 𝗙𝗿𝗼𝗺 𝗘𝗿𝗮𝗹𝗲𝗶𝗴𝗻 𝘁𝗼 𝗕𝗔𝗦𝗛𝗘: 𝗜𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗻𝗴 𝘁𝗵𝗲 𝗘𝘃𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗼𝗳 𝗮 𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗢𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻, we’ll walk through how connections between Eraleign (APT73) and BASHE were uncovered through dark web infrastructure, Telegram activity, affiliate structures, and operational overlaps.

The session will also include a live investigation demo using StealthMole to demonstrate how these hidden relationships can be identified across ransomware ecosystems.

📅 Wednesday, 20th May 2026
🕓 4:00 PM (SGT)
🎥 Live on Zoom Webinar
🔗 Register here: https://us06web.zoom.us/webinar/register/WN_567M6O9CSy-SwS5ePX7KrA

09/05/2026

Most ransomware investigations stop at the surface.

What often gets missed is the network behind it:
the aliases, infrastructure, affiliations, and activity spread across the dark web.

Our latest webinar takes a closer look at the HellCat ransomware group, including a live profiling session uncovering figures linked to the case such as Miyako and Rey through real dark web intelligence analysis.

Couldn’t join the live session?

The full recording is now available on YouTube.

🎥 Watch the full webinar here: https://youtu.be/Pj6SWafCYaQ

StealthMole hosts monthly webinars and live investigations covering ransomware activity, cyber threats, OSINT, and dark web intelligence.

Address

Singapore
