Recent OTX pulses indicate a surge in sophisticated, multi-vector threats targeting enterprise infrastructure and end-users. Three distinct campaigns have been identified:
- TeamPCP Supply Chain Attack: The threat actor TeamPCP is conducting a highly calculated supply chain attack compromising widely trusted open-source security tools, including vulnerability scanners (Trivy, KICS) and an AI gateway (LiteLLM). The objective is to deploy CanisterWorm, a destructive malware, leveraging CVE-2025-55182.
- Rebex-based Telegram RAT: A campaign specifically targeting Vietnamese entities utilizes trojanized CV documents (CHM files) to deliver a multi-stage payload. The malware uses Python interpreters, C++ DLLs, and layered XOR encryption to establish a Remote Access Trojan (RAT) communicating via Telegram, utilizing the Rebex library.
- GachiLoader AI Skill Lure: Threat actors are weaponizing AI agent skill formats (specifically OpenClaw) to distribute GachiLoader, which subsequently drops the Rhadamanthys infostealer. This campaign relies on social engineering rather than pure exploit code, tricking users into downloading malicious Windows binaries.
Collectively, these campaigns demonstrate a shift toward abusing trusted development tools (supply chain) and emerging tech trends (AI skills) to deliver established malware payloads.
Threat Actor / Malware Profile
TeamPCP & CanisterWorm
- Distribution Method: Supply chain compromise of security tools (Trivy, KICS, LiteLLM, Telnyx Python SDK).
- Payload Behavior: CanisterWorm (wiper/worm).
- Persistence: N/A (Likely resides in memory or replaces legitimate binaries).
- C2 Communication: Utilizes Cloudflare tunneling domains and specific hostnames (e.g., *.trycloudflare.com, *.raw.icp0.io).
- Anti-Analysis: Supply chain attacks are inherently difficult to detect as the malicious code originates from a trusted signing source or infrastructure.
Rebex Telegram RAT
- Distribution Method: Trojanized CHM (Compiled HTML Help) files disguised as CVs.
- Payload Behavior: Multi-stage involving Python loaders and C++ DLLs. Uses XOR encryption.
- Persistence: Shell hijacking and Scheduled Tasks.
- C2 Communication: Uses Telegram for C2, likely leveraging the Rebex library for network operations.
- Anti-Analysis: Layered XOR encryption, multi-stage payload delivery to evade static analysis.
GachiLoader & Rhadamanthys
- Distribution Method: Fake GitHub infrastructure hosting "AI Agent Skills" (OpenClaw lures).
- Payload Behavior: GachiLoader (Node.js SEA/Electron dropper) -> Rhadamanthys Infostealer.
- Persistence: Fileless injection techniques.
- C2 Communication: Blockchain-based C2 infrastructure.
- Anti-Analysis: Node.js SEA packing, Electron dropper usage, social engineering via AI trends.
IOC Analysis
The provided indicators of compromise (IOCs) are critical for detection:
- File Hashes (SHA256, MD5, SHA1): A significant volume of file hashes is provided for the payloads (Python loaders, Node.js binaries, compromised tools). SOC teams should operationalize these by loading them into EDR blocklist configurations and scanning historical file logs.
- CVE (CVE-2025-55182): This vulnerability is the entry point for the TeamPCP campaign. Vulnerability management teams must patch this immediately.
- Hostnames: Infrastructure related to TeamPCP uses trycloudflare.com and raw.icp0.io domains. While these are legitimate tunneling services, the specific subdomains provided should be blocked at the perimeter.
Operationalization:
- EDR: Query for SHA256 hashes on endpoints.
- SIEM: Correlate process execution of compromised tools (Trivy, KICS) with network connections to the listed hostnames.
- Network: Block the specific hostnames and monitor for outbound connections to the Telegram API unless Telegram is explicitly allowed by policy.
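The SIEM correlation step above, written out as an added Python example (not code from the pulse or the quoted vendors): it ties process-creation events for the named tools to network connections to the named domains by host and pid within a time window. The five-field event tuple layout and the sample events are constructed assumptions.

```python
# Added example (not code from the pulse): correlate tool execution with
# connections to the TeamPCP tunnelling domains. Event tuples are assumed
# to be (kind, host, pid, iso_timestamp, image_or_destination).
from datetime import datetime, timedelta
import ntpath

TOOL_IMAGES = {"trivy.exe", "kics.exe"}                  # compromised tools named above
SUSPECT_DOMAINS = ("trycloudflare.com", "raw.icp0.io")  # hostnames named above

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ("process", "build01", 4242, "2026-05-03T10:00:00", "C:\\tools\\trivy.exe"),
    ("network", "build01", 4242, "2026-05-03T10:00:12", "quiet-sun-1234.trycloudflare.com"),
    ("process", "dev07", 1313, "2026-05-03T11:00:00", "C:\\tools\\kics.exe"),
    ("network", "dev07", 1313, "2026-05-03T11:00:05", "ghcr.io"),            # benign: no alert
    ("network", "dev07", 9999, "2026-05-03T11:00:06", "abc.raw.icp0.io"),    # suspect, but not a tool pid
    ("network", "build01", 4242, "2026-05-03T10:30:00", "abc.raw.icp0.io"),  # outside the 5-minute window
]


def host_matches(dest, suffixes=SUSPECT_DOMAINS):
    """Exact or subdomain match only: 'trycloudflare.com.evil.example' does not match."""
    d = dest.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in suffixes)


def correlate(events, window=timedelta(minutes=5)):
    """Return (host, pid, tool, dest) for tool processes that reached a suspect domain within `window`."""
    starts = {}  # (host, pid) -> [(start_time, tool basename), ...]
    for kind, host, pid, ts, value in events:
        if kind == "process":
            name = ntpath.basename(value).lower()
            if name in TOOL_IMAGES:
                starts.setdefault((host, pid), []).append((datetime.fromisoformat(ts), name))
    alerts = []
    for kind, host, pid, ts, value in events:
        if kind != "network" or not host_matches(value):
            continue
        seen = datetime.fromisoformat(ts)
        for started, name in starts.get((host, pid), []):
            if timedelta(0) <= seen - started <= window:
                alerts.append((host, pid, name, value))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print("ALERT host=%s pid=%d tool=%s dest=%s" % alert)
```

In a real SIEM the pid join would be replaced by the platform's process GUID, since pids are reused across reboots.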
Detection Engineering
```yaml
title: TeamPCP CanisterWorm Supply Chain Compromise - Suspicious Child Process
date: 2026/05/03
status: stable
description: Detects compromised security tools (Trivy, KICS, LiteLLM running under node or python) spawning shells or script hosts. References CVE-2025-55182.
references:
  - https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/
author: Security Arsenal
logsource:
  category: process_creation
  product: windows
detection:
  selection_parent:
    ParentImage|endswith:
      - '\trivy.exe'
      - '\kics.exe'
      - '\node.exe'    # LiteLLM context
      - '\python.exe'
  selection_suspicious:
    Image|endswith:
      - '\powershell.exe'
      - '\cmd.exe'
      - '\powershell_ise.exe'
      - '\wscript.exe'
  # Both selections must match; the parent list alone would fire on every child of node/python
  condition: selection_parent and selection_suspicious
falsepositives:
  - Legitimate administrative usage of security tools
level: high
---
title: TeamPCP CanisterWorm Supply Chain Compromise - C2 Hostname
date: 2026/05/03
status: stable
description: Detects outbound connections to the TeamPCP tunnelling infrastructure. Network fields require a network_connection log source, so this part is a separate rule. References CVE-2025-55182.
references:
  - https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/
author: Security Arsenal
logsource:
  category: network_connection
  product: windows
detection:
  selection_network:
    Initiated: 'true'
    DestinationHostname|contains:
      - 'trycloudflare.com'
      - 'raw.icp0.io'
  condition: selection_network
falsepositives:
  - Legitimate use of Cloudflare tunnels
level: high
---
title: Rebex Telegram RAT via CHM Infection Chain
date: 2026/05/03
status: stable
description: Detects Python interpreters launched by the HTML Help viewer (hh.exe) or started with XOR-related command lines, as seen in the Rebex-based Telegram RAT campaign.
references:
  - https://dmpdump.github.io/posts/TelegramRat/
author: Security Arsenal
logsource:
  category: process_creation
  product: windows
detection:
  selection_python:
    Image|endswith:
      - '\python.exe'
      - '\pythonw.exe'
  selection_chm_parent:
    ParentImage|endswith: '\hh.exe'
  selection_xor:
    CommandLine|contains: 'xor'
  condition: selection_python and (selection_chm_parent or selection_xor)
falsepositives:
  - Legitimate documentation viewing with embedded scripts
level: high
---
title: Rebex Telegram RAT - Python Process Connecting to Telegram API
date: 2026/05/03
status: stable
description: Detects Python interpreters connecting to the Telegram API, the C2 channel of the Rebex-based RAT. Split out because hostname fields need a network_connection log source.
references:
  - https://dmpdump.github.io/posts/TelegramRat/
author: Security Arsenal
logsource:
  category: network_connection
  product: windows
detection:
  selection_python:
    Image|endswith:
      - '\python.exe'
      - '\pythonw.exe'
  selection_telegram:
    Initiated: 'true'
    DestinationHostname|contains: 'api.telegram.org'
  condition: selection_python and selection_telegram
falsepositives:
  - Legitimate Python-based Telegram bots
level: high
---
title: GachiLoader AI Skill Lure Execution
date: 2026/05/03
status: stable
description: Detects execution of Node.js SEA or Electron binaries with AI-skill lure command lines, or such binaries spawning DLL loaders, as associated with GachiLoader and Rhadamanthys.
references:
  - https://www.threatdown.com/blog/gachiloader-adopts-ai-skill-lure-from-fake-openclaw-readme-to-rhadamanthys-infostealer/
author: Security Arsenal
logsource:
  category: process_creation
  product: windows
detection:
  selection_node:
    Image|endswith:
      - '\node.exe'
      - '\electron.exe'
  selection_lure_cl:
    CommandLine|contains:
      - 'openclaw'
      - 'ai-skill'
  # The child selection constrains ParentImage, otherwise it could never match together with selection_node
  selection_suspicious_child:
    ParentImage|endswith:
      - '\node.exe'
      - '\electron.exe'
    Image|endswith:
      - '\regsvr32.exe'
      - '\rundll32.exe'
  condition: (selection_node and selection_lure_cl) or selection_suspicious_child
falsepositives:
  - Legitimate Node.js development
level: medium
```
```kql
// Hunt for TeamPCP indicators and CVE-2025-55182 exploitation
DeviceNetworkEvents
| where RemoteUrl has_any ("trycloudflare.com", "raw.icp0.io")
| project Timestamp, DeviceName, InitiatingProcessFileName, RemoteUrl, RemoteIP
| union (
    DeviceProcessEvents
    | where InitiatingProcessFileName in~ ("trivy.exe", "kics.exe", "node.exe")
    // has_any is the KQL operator for "any of these terms"; "contains any" is not valid syntax
    | where ProcessCommandLine has_any ("CVE-2025-55182", "--config", "-c")
    | project Timestamp, DeviceName, InitiatingProcessFileName, FileName, ProcessCommandLine
)
| union (
    DeviceFileEvents
    | where SHA256 in (
        "ced7fe9c5ec508216e6dd9a59d2d5193a58bdbac5f41a38ea97dd5c7fceef7a5",
        "076ba40e7fbf2910dff87f0c25862a70001d8ad81d23d8beae9fb9b29b603829",
        "18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a",
        "0c0d206d5e68c0cf64d57ffa8bc5b1dad54f2dda52f24e96e02e237498cb9c3a"
    )
    | project Timestamp, DeviceName, InitiatingProcessFileName, FileName, FolderPath, SHA256
)
```
```powershell
# IOC Hunt Script for Rebex RAT and GachiLoader
# Requires administrative privileges
Write-Host "Starting IOC Hunt..." -ForegroundColor Cyan

# Define malicious hashes from pulse data (the list mixes SHA256 and MD5 values)
$MaliciousHashes = @(
    "ced7fe9c5ec508216e6dd9a59d2d5193a58bdbac5f41a38ea97dd5c7fceef7a5",
    "4e9e70c2a8002ce4a70ab43ae80c2a25",
    "1323278360d41a74ab09d310f08902087ff2798d1eda99be65d07c1b1123a25c",
    "67b51a73c72f39b9cf41dd35eb22b369713ab2e576641b40b9089ebc9d4a1fb2",
    "6db64b44305ff125f729713d7ff516e84e4ca38504a2ab0571eb19597f49feee",
    "076ba40e7fbf2910dff87f0c25862a70001d8ad81d23d8beae9fb9b29b603829",
    "1753d2f90bd4ac6c0c91e76322ae1d0cc8034842a61dc175c7aba3e1aa944c90",
    "539ac28b816ed0ab17879712a460396bd812221b93540590eccdb89c8196db96"
)

# Check common user directories for matching file hashes
Write-Host "Checking file hashes in user directories..."
Get-ChildItem -Path C:\Users -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -gt 0KB -and $_.Length -lt 10MB } |
    ForEach-Object {
        # Compute both algorithms so the MD5 entry in the list can match as well as the SHA256 ones
        $sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $md5    = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
        if ($MaliciousHashes -contains $sha256 -or $MaliciousHashes -contains $md5) {
            Write-Host "[!] MALICIOUS FILE FOUND: $($_.FullName)" -ForegroundColor Red
        }
    }

# Check for shell hijacking (persistence mechanism of the Rebex RAT)
Write-Host "Checking for Shell Folders persistence..."
$ShellPaths = @(
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
)
# Provider metadata properties that Get-ItemProperty adds and that are not registry values
$PsMetaProps = @("PSPath", "PSParentPath", "PSChildName", "PSDrive", "PSProvider")
foreach ($path in $ShellPaths) {
    if (Test-Path $path) {
        $properties = (Get-ItemProperty -Path $path).PSObject.Properties |
            Where-Object { $PsMetaProps -notcontains $_.Name }
        foreach ($prop in $properties) {
            # Flag shell folder values that point at an interpreter outside System32
            if ($prop.Value -match '.*\\.*\\(python|node|cmd|powershell).*' -and $prop.Value -notmatch 'C:\\Windows\\System32') {
                Write-Host "[!] SUSPICIOUS SHELL HIJACK: $path -> $($prop.Name) = $($prop.Value)" -ForegroundColor Yellow
            }
        }
    }
}
Write-Host "Hunt Complete." -ForegroundColor Green
```
# Response Priorities
* **Immediate**:
    * Block all identified file hashes on endpoints.
    * Block network communication to `*.trycloudflare.com` and `*.raw.icp0.io` subdomains.
    * Patch CVE-2025-55182 on all vulnerable systems immediately.
* **24 Hours**:
    * Hunt for evidence of Shell Hijacking in registry keys.
    * Quarantine systems where Trivy, KICS, or LiteLLM have executed recently for forensic analysis.
    * Initiate credential reset for users who may have interacted with the "OpenClaw" AI skill lures or trojanized CVs.
* **1 Week**:
    * Implement strict code-signing requirements and software supply chain verification for security tooling (DevSecOps pipelines).
    * Update email gateways to filter CHM files and documents containing embedded Python scripts.
    * Review and restrict the usage of AI agent skill repositories within the enterprise environment.