About Breakglass Intelligence

Independent threat intelligence research. We reverse engineer malware, map command-and-control infrastructure, attribute threat actors, and publish the kill-chain details other analysts can act on.

What we do

  • Malware analysis. Static and dynamic reverse engineering of RATs, loaders, stealers, and custom implants — with decrypted configs, extracted C2, and YARA rules.
  • C2 infrastructure mapping. Panel fingerprinting, certificate pivots, registrant attribution, victim enumeration from live operator infrastructure.
  • APT attribution. Toolmark, infrastructure, and TTP correlation against published actor profiles (Silver Fox, APT41, Lazarus, Mustang Panda, Kimsuky).
  • Responsible disclosure. Notifications to CERTs, hosting providers, and affected organizations ahead of public release.

Editorial standards

  • Evidence first. Every claim maps to a hash, URL, cert, or DOM fragment we observed. Screenshots and raw artifacts linked where relevant.
  • No "first public" claims. We credit prior work when found and invite corrections under a standing offer to update attribution.
  • Defanged indicators. All IOCs in public posts are defanged (example[.]com) to prevent accidental resolution.
  • Machine-readable output. STIX 2.1 bundles, YARA rules, and Suricata signatures shipped alongside the narrative.
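The defanging convention described above (example[.]com) is simple to state but easy to get subtly wrong in tooling: a naive dot replacement double-wraps indicators that are already defanged, URL schemes stay clickable, and indicators embedded in narrative text get missed. The following Python helper is an added example, not Breakglass Intelligence's own tooling; it defangs and refangs single indicators, checks that nothing resolvable is left, and defangs every URL, IPv4 address, and domain inside a paragraph of report text. The sample indicators are constructed from RFC 5737 TEST-NET addresses and reserved example domains, and the hxxp/fxp scheme substitution is the common analyst convention, not a standard.

```python
import re

# Scheme substitutions applied on defang and reversed on refang.
# Assumption: the common analyst convention (hxxp, fxp), not any standard.
SCHEME_MAP = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}
_LIVE_SCHEMES = {v: k for k, v in SCHEME_MAP.items()}

# Constructed sample indicators (RFC 5737 TEST-NET address, reserved example
# domains); not taken from any real report.
SAMPLE_IOCS = [
    "https://cdn.example.net:8443/gate.php",
    "http://example.com/payload.bin",
    "203.0.113.7",
    "mail.example.org",
    "ops@example.org",
]

# Constructed report sentence used to exercise defang_text().
REPORT_SENTENCE = (
    "Second stage pulled from https://cdn.example.net/x.bin "
    "and beaconed to 203.0.113.7 (see notes.example.org)."
)

_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*)://", re.IGNORECASE)
# A dot or @ not already wrapped in brackets; this is what makes defang() idempotent.
_RAW_DOT_RE = re.compile(r"(?<!\[)\.(?!\])")
_RAW_AT_RE = re.compile(r"(?<!\[)@(?!\])")
# Anything that still looks resolvable: a live scheme, or alnum.alnum.
_LIVE_RE = re.compile(r"^(?:https?|ftp)://|[a-z0-9]\.[a-z0-9]", re.IGNORECASE)
# Tokens inside free text worth defanging: URLs with a scheme, IPv4, bare domains.
_TOKEN_RE = re.compile(
    r"[a-z][a-z0-9+.-]*://[^\s<>\"']+"      # URL with scheme
    r"|\b(?:\d{1,3}\.){3}\d{1,3}\b"          # IPv4 address
    r"|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b",      # domain ending in an alphabetic TLD
    re.IGNORECASE,
)


def defang(ioc: str) -> str:
    """Return a non-resolvable rendering of a URL, domain, IPv4, or email address."""
    s = ioc.strip()
    m = _SCHEME_RE.match(s)
    if m:
        scheme = m.group(1)
        s = SCHEME_MAP.get(scheme.lower(), scheme) + s[len(scheme):]
    s = _RAW_DOT_RE.sub("[.]", s)   # example.com -> example[.]com, leaves [.] alone
    s = _RAW_AT_RE.sub("[@]", s)    # user@host -> user[@]host
    return s


def refang(ioc: str) -> str:
    """Undo defang(); also accepts the (.) variant seen in other vendors' reports."""
    s = ioc.strip()
    m = _SCHEME_RE.match(s)
    if m:
        scheme = m.group(1)
        s = _LIVE_SCHEMES.get(scheme.lower(), scheme) + s[len(scheme):]
    return s.replace("[.]", ".").replace("(.)", ".").replace("[@]", "@")


def is_defanged(ioc: str) -> bool:
    """True when nothing in the string would still resolve or render as a link."""
    return _LIVE_RE.search(ioc) is None


def _defang_token(m: "re.Match") -> str:
    token, trail = m.group(0), ""
    # The URL pattern can swallow sentence punctuation; keep it outside the IOC.
    while token and token[-1] in ".,;:)]":
        trail = token[-1] + trail
        token = token[:-1]
    return defang(token) + trail


def defang_text(text: str) -> str:
    """Defang every URL, IPv4 address, and domain found inside a prose paragraph."""
    return _TOKEN_RE.sub(_defang_token, text)


if __name__ == "__main__":
    for ioc in SAMPLE_IOCS:
        print(f"{ioc:40} -> {defang(ioc)}")
    print(defang_text(REPORT_SENTENCE))
```

The bracket-aware regexes are the point of the example: running `defang` over an indicator twice yields the same output, so a pipeline can defang at publication time without first tracking whether an upstream step already did. `is_defanged` is the pre-publish gate; any indicator that fails it should block the post from shipping.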

Contact

Consulting and private research inquiries: consulting.breakglass.tech. Tips, corrections, and prior-work credit requests: reply or DM @BreakGlassIntel.