← All reports

Operation PhantomCLR is a sophisticated cyber threat involving stealth execution through AppDomain hijacking and in-memory .NET abuse.

CybersecurityThreat DetectionConflictApr 21, 2026score 0.173 posts · 0 replies across 1 instances
The thread discusses several cybersecurity threats and detection methods, including Operation PhantomCLR, the AdaptixC2 agent, and UNC1945. These posts highlight emerging cyber threats and the use of specific tools for detection, emphasizing the need for further verification and security measures.

Claims

Operation PhantomCLR is a sophisticated cyber threat involving stealth execution through AppDomain hijacking and in-memory .NET abuse.
Parent: CybersecurityEntity: Operation PhantomCLRImpact: negativeDate: Apr 21, 2026Target: Operation PhantomCLR
The AdaptixC2 agent can be detected using KATA and KEDR tools.
Parent: Threat DetectionEntity: AdaptixC2 agentImpact: positiveDate: Apr 21, 2026Target: AdaptixC2 agent
UNC1945 is a cyber threat that leverages the 'Live off the Land' technique and involves creating a custom environment for execution.
Parent: MalwareEntity: UNC1945Impact: negativeDate: Apr 21, 2026Target: UNC1945

Source posts

@[email protected]
Operation PhantomCLR: Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse Pulse ID: 69e6fbeadd744bb14e9f2296 Pulse Link: https://otx.alienvault.com/pulse/69e6fbeadd744bb14e9f2296 Pulse Author: Tr1sa111 Created: 2026-04-21 04:24:10 Be advised, this data is unverified and should be considered preliminary. Always do further verification. #CyberSecurity #InfoSec #NET #OTX #OpenThreatExchange #RAT #bot #Tr1sa111
0 boosts · 0 favs · 0 replies · Apr 21, 2026
#cybersecurity#infosec#net#otx#openthreatexchange#rat
@[email protected]
Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 Pulse ID: 69e6fbb91d214e15b8c8e9df Pulse Link: https://otx.alienvault.com/pulse/69e6fbb91d214e15b8c8e9df Pulse Author: Tr1sa111 Created: 2026-04-21 04:23:21 Be advised, this data is unverified and should be considered preliminary. Always do further verification. #CyberSecurity #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
0 boosts · 0 favs · 0 replies · Apr 21, 2026
#cybersecurity#infosec#otx#openthreatexchange#bot#tr1sa111
@[email protected]
Using KATA and KEDR to detect the AdaptixC2 agent Pulse ID: 69e6fbbf75365c73146dab55 Pulse Link: https://otx.alienvault.com/pulse/69e6fbbf75365c73146dab55 Pulse Author: Tr1sa111 Created: 2026-04-21 04:23:27 Be advised, this data is unverified and should be considered preliminary. Always do further verification. #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
0 boosts · 0 favs · 0 replies · Apr 21, 2026
#cybersecurity#edr#infosec#otx#openthreatexchange#bot