[Figure legend: Spyware / C2 (malware side); Bulletproof host / phishing infra; APEX RENT platform / person; Sanctioned BPH constellation; Cluster A (attribution unconfirmed); Observed / high confidence]
Passive DNS, certificate transparency, RDAP/WHOIS, Shodan, static + dynamic APK analysis, and Qurium / OFAC / EU sanctions records · indicators defanged · CrimsonVector 2026