Intel Name: Goldmelody’s hidden chords: initial access broker in-memory IIS modules revealed
Date of Scan: July 9, 2025
Impact: High
Summary: This report examines the tools used by threat group TGR-CRI-0045, which appears to operate opportunistically. The group has targeted organizations in Europe and the U.S. across sectors like finance, manufacturing, tech, and logistics. They used leaked keys to sign malicious payloads delivered through ASP.NET View State deserialization, which enabled in-memory execution with minimal artifacts. With medium confidence, TGR-CRI-0045 is attributed to Gold Melody (also known as UNC961 or Prophet Spider).