Q-Feeds logo

Products & Services

Solutions

Pricing

Company

About

Label with EU stars, 'Made in Europe' text.
~
Label with EU stars, 'Made in Europe' text.
~

Firewall integrations

9

Fortinet

Elevate the power of your Fortinet Fortigate Firewall using by adding our Intelligence.

9

Palo Alto

Palo Alto Firewalls can be hardened with our threat intelligence as well.

9

Sophos XGS

Enhance the Sophos XGS Firewall with our threat intelligence.

9

OPNsense

Enhance your OPNsense Firewall with our threat intelligence using the native plugin.

SIEM integrations

9

Splunk

Splunk is a great platform, but without the right Threat Intelligence it's just a log server. Try our threat intelligence today. 

9

Microsoft Sentinel

One of the most used SIEM solutions should be enriched with the right Intelligence. At Q-Feeds you're at the right place!

9

Other

Luckily there are many other SIEM vendors whom support 3rd party threat intelligence.

Threat Intelligence Portal

9

Darkweb Monitoring

Darkweb monitoring is one of our services, not only for threat intelligence but also for you most important assets.

9

Threat Lookup

With Threat Lookup you get full insights in our IOC database, including full MITRE ATT&K mapping.

9

External Attack Surface Management

A toolset to check your external facing assets exposed on the internet

9

Vulnerability Scanner

A comprehensive vulnerability scanner which can scan your infrastructure and web applications

9

Brand Protection

Protect your brand for look-a-likes and potential phishing attempts

Services

9

TAXII Feeds & Server Software

TAXII/STIX2.1 standard. Both in form of feeds and server software available

9

Implementation

Need help with implementations? No worries, we have a strong network of partners who are able to help you.

Solutions

9

Enrich my SIEM

Elevate the power of your SIEM solution using by adding our Intelligence.

9

Enrich my Firewall

Firewalls can be hardened with our threat intelligence as well.

9

Prevent phishing

Enhance your protection against phishing

9

Achieve compliancy

Achieve compliancy by correlating the best threat intelligence to your logs

Futuristic eye design with circuits and geometric shapes.

Company

9

About

Read here all about Q-Feeds

9

News and Updates

Cybersecurity news and updates about us

9

Publications

All of our media coverage in one place

9

Become a reseller

Strengthen your portfolio with our comprehensive reseller program

9

Partner locator

Find our certified partners here

9

Contact

For all your questions or inquiries

Neural network representation of a human brain

Support

9

My Account

Access your account and manage your licenses

9

Downloads & Manuals

On this page you find white papers and manuals

9

Knowledge base

Our knowledge base full of implementation instructions

9

Start for free

Start your cyber security intelligence journey here

Abstract geometric wireframe human head

Amaranth-Dragon: Exploiting CVE-2025-8088 for spear phishing in Southeast Asia

Feb 5, 2026 | Threat Intelligence Research

Amaranth-Dragon Targets Southeast Asian Governments Using New Exploits

Amaranth-Dragon, associated with APT-41, has conducted targeted cyber-espionage campaigns against governmental and law enforcement agencies across Southeast Asia since March 2025. The group has exploited a recently disclosed vulnerability in WinRAR (CVE-2025-8088) to deliver malicious payloads.

The attacks typically revolve around geopolitical events, using lures cleverly tied to contemporary issues. Amaranth-Dragon employed a custom loader known as the Amaranth Loader to execute their attacks. After exploiting CVE-2025-8088, which allows arbitrary code execution through specially crafted RAR archives, the group achieved persistence by dropping malicious scripts in the Startup folder. This loader then downloads encrypted payloads that often include the Havoc Command and Control (C2) Framework via infrastructure masked with geo-targeting capabilities.

The recent addition of TGAmaranth RAT, a Telegram-based remote access tool, enhances their operational complexity. This tool features anti-detection mechanisms and enables command and control via Telegram, allowing the adversaries to execute commands remotely on infected machines. Various campaigns have targeted countries like Malaysia, Indonesia, Thailand, and the Philippines, strategically timed to leverage local political climates.

Why This Matters
The implications of these attacks extend beyond technical breaches. Targets like government agencies face significant data theft risks that could jeopardize national security. For defenders, these incidents emphasize the necessity for constant patch management and user education to mitigate risks from new vulnerabilities exploited by sophisticated threat actors.

Defense Strategies
Implementing robust SIEM solutions, timely vulnerability management for newly disclosed CVEs, and monitoring for suspicious archive activity can mitigate risks. Organizations should establish comprehensive threat detection and response protocols to effectively counteract threats like those posed by Amaranth-Dragon.

Indicators of Compromise (IOCs)

  • Malicious RAR Archives:
    • Hash: 259819d1ae6421c2871f2ba0d128089036a0b29b92b8fa4d3e7f42036fc297a3b765e365e27cdce5e34d7e8ba4bb949aa5c491b950ab30688d5dbadc
  • URLs:
    • dropbox.com/scl/fi/ln6q8ip8k3dvx6xxyi71s/gs.rar?rlkey=w9vg1ehva23iitfdt5oh2x6cj
    • softwares.dailydownloads.net/products/microsoft/office/product-key/DB2F.activation.key
  • TGAmaranth RAT:
    • Hash: 803fb65a58808fd3752f9f76b5c75ca914196305

Click here for the full article

Try our Intelligence today!

Streamline your security operations with a free Q-Feeds trial and see the difference.

Activate free access

Other articles