APT & Nation-State Intelligence
Advanced Persistent Threat intelligence tracking nation-state actors — Lazarus Group, Sandworm, Volt Typhoon, and others. Campaign TTPs, targeted sectors, and SIGMA/KQL detection rules.
APT & Nation-State — Archive & Latest
Interlock & Rhysida Ransomware Ecosystem + INC RaaS & AI-Driven ClickFix: OTX Pulse Analysis
OTX pulses reveal active Interlock/Rhysida operations, INC RaaS evolution, and AI-powered ClickFix campaigns targeting finance.
Rhysida, DragonForce & ShinyHunters: Multi-Vector Ransomware & Extortion Campaigns — OTX Pulse Analysis
Active ransomware operations by Rhysida, DragonForce, and ShinyHunters target US sectors via zero-days and trusted app abuse.
Interlock, DragonForce & UAT-8616: OTX Pulse Analysis — Ransomware & C2 Evasion Tactics
Hive0163 & Rhysida ransomware, DragonForce Teams C2, & UAT-8616 SD-WAN exploits. Critical action required for enterprise defense.
Hive0163 Interlock, UAT-8616 SD-WAN & ShinyHunters Zero-Day: Multi-Vector OTX Analysis
OTX tracks active campaigns: Rhysida ransomware, Cisco SD-WAN exploitation, and Oracle PeopleSoft zero-day attacks. High urgency.
Hive0163 InterlockRAT, UAT-8616 SD-WAN, & UNC6240 ShinyHunters: OTX Pulse Analysis — Enterprise Detection Pack
Active exploitation of SD-WAN & Oracle PeopleSoft; Interlock/Rhysida ransomware surge. Critical CVEs targeted. Immediate action required.
Interlock, Rhysida, and ShinyHunters: Zero-Day Exploitation & RaaS Operations — OTX Pulse Analysis
Critical zero-days in Oracle PeopleSoft and Cisco SD-WAN under active exploitation alongside Interlock/Rhysida ransomware targeting US sectors.
Storm-3075 AI Impersonation & UAT-8616 SD-WAN Exploitation: SilabRAT, Vidar, and Cisco Breaches
Active exploitation of Cisco SD-WAN (CVE-2026-20128) and AI-themed campaigns delivering Vidar/SilabRAT. Urgent detection required.
Storm-3075 AI Impersonation & SilabRAT MaaS Campaign: Multi-Vector Threat Analysis
AI-themed phishing, credential theft via Vidar/Lumma, and SilabRAT RAT targeting enterprise credentials. CRITICAL urgency.
AI Social Engineering, SD-WAN Exploitation, and SilabRAT MaaS: OTX Pulse Analysis
Urgent: Active AI-themed phishing delivering Vidar/Lumma, Cisco SD-WAN exploits (UAT-8616), and SilabRAT MaaS detected. Block IOCs.
Storm-3075 AI Phishing & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
High urgency: Storm-3075 AI phishing, UAT-8616 Cisco SD-WAN exploitation, and SilabRAT MaaS detected. Actionable IOC pack.
Storm-3075 AI-Themed Social Engineering & 4BID ProxyShell Exploitation: OTX Pulse Intelligence — Enterprise Detection Pack
Storm-3075 & 4BID campaigns: AI phishing & ProxyShell attacks. Urgent: Hunt for Vidar, SilabRAT, Sliver, Lumma Stealer IOCs across enterprise.
SilabRAT MaaS & Storm-3075 AI Phishing: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal Storm-3075 AI phishing, SilabRAT MaaS, and 4BID hacktivism. Detect stealers, RATs, and ProxyShell exploits.
Storm-3075 AI Phishing, SilabRAT MaaS, and 4BID ProxyShell Campaigns: OTX Pulse Analysis
Analysis of AI-themed credential theft, SilabRAT MaaS operations, and 4BID ProxyShell attacks targeting critical sectors.
Storm-3075 AI Phishing, SilabRAT MaaS & 4BID ProxyShell: OTX Pulse Analysis — Enterprise Detection Pack
Storm-3075 uses AI themes for Vidar/Lumma infections; SilabRAT MaaS targets crypto; 4BID exploits ProxyShell for Sliver C2 deployment.
Storm-3075 AI Impersonation & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
Threat actors leverage AI-themed lures for Vidar/Lumma deployment while new SilabRAT MaaS targets crypto wallets. 4BID exploits ProxyShell.
AI-Hype Stealers & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
Storm-3075 and o1oo1 exploiting AI trends with Vidar, Lumma, and SilabRAT. High urgency credential theft campaign.
SilabRAT MaaS & AI-Themed Infostealer Operations: Storm-3075 & o1oo1 Analysis
Emerging campaigns using AI-branded lures and SilabRAT to steal credentials/crypto. High urgency for Finance & Tech sectors.
AI-Themed Infostealer Surge: Storm-3075, TroyDen, and SilabRAT Campaign Analysis — Detection & Hunt Pack
Urgent: AI-themed campaigns deploying Lumma, Vidar, and SilabRAT. Storm-3075 and TroyDen targeting tech/finance. Includes detection rules.
AI-Themed Infostealers & 4BID ProxyShell Campaigns: Storm-3075, TroyDen, and 4BID OTX Analysis
Threat actors Storm-3075 and TroyDen leverage AI branding for Lumma/Vidar distribution; 4BID expands hacktivism via ProxyShell.
Storm-3075 AI Brand Impersonation & 4BID ProxyShell Attacks: OTX Pulse Intelligence Briefing
Storm-3075 abuses AI hype to spread Vidar/Lumma; 4BID exploits ProxyShell; TroyDen targets devs via GitHub. Detection engineering included.
Storm-3075 AI Hype, TroyDen GitHub Lures & 4BID ProxyShell: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal Storm-3075 using AI brands for infostealing, TroyDen targeting devs, and 4BID exploiting ProxyShell. Immediate block recommended.
TroyDen Lure Factory & ClickFix RAT: OTX Pulse Analysis — Enterprise Detection Pack
AI-generated GitHub lures and job platform phishing delivering LuaJIT stealers & Python RATs. Immediate blocking required.
TroyDen & ClickFix Campaigns: AI-Generated Lures, Python RATs, and Multi-Vector Stealer Ecosystems
OTX detects surge in TroyDen and ClickFix campaigns using AI lures and job scams to deliver Redline, Lumma, and Python RATs.
TroyDen AI Lures & ClickFix RAT: OTX Analysis of Multi-Vector Malware Distribution
OTX Pulse Analysis: AI-generated GitHub lures (TroyDen) and job site phishing (ClickFix) deploying Python RATs and infostealers against developers.
Multi-Vector Infostealer Surge: TroyDen AI Lures, ClickFix RATs, and TDS Hijacking
Active campaigns distributing LummaStealer, Redline, and Python RATs via AI-generated lures, job scams, and traffic distribution systems. High urgency.
TroyDen AI Lures, ClickFix Python RATs, and SessionGate TDS: OTX Pulse Analysis
Active campaigns targeting devs via AI-generated GitHub lures, LinkedIn job scams delivering Python RATs, and SEO-poisoned dev tools.
ClickFix RAT, SEO Poisoning TDS & GriefLure APT: Multi-Vector Threat Landscape
Three distinct campaigns observed: ClickFix delivering Python RATs, SEO poisoning TDS spreading stealers, and APT spear-phishing targeting telcos.
ClickFix RAT, Malware TDS, & Operation GriefLure: OTX Pulse Analysis
Analysis of active ClickFix Python RAT delivery, SEO-poisoned TDS malware ecosystem, and APT GriefLure targeting military/healthcare sectors.
CastleLoader RAT, TDS Malware Distribution, and Operation GriefLure: OTX Pulse Analysis — Enterprise Detection Pack
Active OTX pulses reveal ClickFix RAT scams, TDS-based stealers, and APT GriefLure targeting SE Asia. Urgent detection required.
CastleLoader RAT, SessionGate TDS, and Gamaredon GammaSteel: OTX Pulse Analysis — Enterprise Detection Pack
Analysis of LinkedIn/Indeed phishing typosquatting, fake freeware TDS, and Gamaredon's GammaSteel targeting Ukraine.
ClickFix RAT, Malware TDS, and Gamaredon's GammaSteel: OTX Pulse Analysis — Enterprise Detection Pack
Active ClickFix campaigns delivering Python RATs, TDS ecosystems spreading stealers via SEO poisoning, and Gamaredon targeting Ukraine with GammaSteel.
Gamaredon GammaSteel, ClickFix RATs, and TDS Stealers: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns: Gamaredon GammaSteel targeting Ukraine, ClickFix Python RATs, and TDS-driven stealers. High urgency.
ClickFix Loaders, UAT-8302 APT Operations, and TDS Malware Ecosystems: OTX Pulse Analysis
Critical OTX analysis: ClickFix loaders delivering RATs, UAT-8302 targeting gov/telco, and TDS campaigns impersonating dev tools.
ClickFix, SEO Poisoning, and UAT-8302 APT Activity: OTX Pulse Analysis — Enterprise Detection Pack
ClickFix social engineering, SEO poisoning, and UAT-8302 APT targeting Gov/Telco. High urgency; detection pack inside.
ClickFix, LofyStealer & JINX-0164: Multi-Vector Social Engineering & Supply Chain Assaults — OTX Pulse Analysis
Active OTX pulses detail ClickFix clipboard hijacking, LofyStealer gaming malware, and JINX-0164 crypto-dev targeting. Critical detection guidance provided.
ClickFix, LofyStealer, and JINX-0164: OTX Pulse Analysis — Credential Theft & Supply Chain Attacks
Active campaigns involving ClickFix, LofyStealer, and JINX-0164 targeting general users, gamers, and crypto sectors via social engineering and supply chain attacks. High urgency.
ClickFix, LofyStealer, and JINX-0164: Multi-Vector Campaigns Targeting Developers and Gamers — OTX Intelligence Briefing
OTX Pulse Analysis: ClickFix, LofyStealer & JINX-0164 campaigns targeting crypto & gamers. High urgency. Block IOCs immediately.
ClickFix, LofyStealer, and JINX-0164: Social Engineering Drives RATs and Stealers
Active OTX pulses reveal social engineering campaigns (ClickFix, fake recruiters) deploying NetSupport RAT, LofyStealer, and crypto-targeting malware.
ClickFix, LofyStealer & JINX-0164: Multi-Vector Campaigns Targeting Developers & Gamers — OTX Pulse Analysis
Active campaigns: ClickFix (CastleLoader/NetSupport), LofyStealer (Minecraft), and JINX-0164 (Crypto Devs) detected via social engineering. High urgency.
ClickFix, LofyStealer & JINX-0164: OTX Pulse Analysis — Enterprise Detection Pack
Live OTX pulses reveal active campaigns by ClickFix, LofyGang, and JINX-0164 utilizing social engineering, fake utilities, and supply chain attacks to steal credentials and target crypto infrastructure.
ClickFix, LofyStealer & JINX-0164 Campaigns: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns utilizing ClickFix social engineering, Minecraft-targeted stealers, and crypto-dev supply chain attacks. High urgency.
ClickFix & JINX-0164: Multi-Platform RAT and Stealer Campaigns Targeting Endpoints
OTX Pulse Analysis: Active campaigns delivering NetSupport RAT, LofyStealer, and macOS backdoors via social engineering.
ClickFix, LofyStealer, and JINX-0164: Multi-Vector Social Engineering & Supply Chain Analysis — OTX Pulse Detection Pack
OTX pulses reveal active ClickFix, LofyStealer, and JINX-0164 campaigns targeting crypto and gamers via social engineering and supply chain.
ClickFix & JINX-0164 Campaigns: Multi-Vector Malware Delivery — OTX Pulse Analysis
Urgent: ClickFix, LofyStealer, and JINX-0164 targeting finance/tech via social engineering. Immediate IOCs and detection rules.
ClickFix, LofyStealer & JINX-0164: Multi-Vector Social Engineering & Supply Chain Attacks — OTX Pulse Analysis
Active campaigns featuring ClickFix RAT delivery, LofyStealer targeting gamers, and JINX-0164 supply chain attacks on crypto devs. Urgency: High.
LofyStealer, JINX-0164, and GHOST STADIUM: Multi-Vector Stealer Campaigns Targeting Gaming, Crypto, and Sports
OTX pulses reveal active infostealer campaigns targeting Minecraft players, crypto developers, and World Cup attendees. Block IOCs immediately.
LofyStealer & JINX-0164 Campaigns: OTX Pulse Analysis — Node.js & macOS Supply Chain Threats
Active infostealers (LofyStealer) & macOS supply chain attacks (JINX-0164) targeting gaming & crypto devs. High urgency.
TwizAdmin MaaS & JINX-0164 Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
Active crypto-stealing malware TwizAdmin and JINX-0164 targeting devs, alongside massive Middle East C2 expansion detected.
TwizAdmin MaaS & JINX-0164 Dev Targeting: Multi-Stage Crypto Theft & Regional C2 Surge Analysis
Urgent: Multi-stage crypto clippers (TwizAdmin) and dev-targeting supply chain attacks (JINX-0164) detected alongside massive Middle East C2 infrastructure growth.
TwizAdmin Ransomware & Ghost Stadium Phishing: OTX Pulse Analysis — Global C2 Infrastructure Alert
OTX detects TwizAdmin crypto-stealer, 1,350+ Middle East C2 servers, and FIFA World Cup phishing. Urgent IOC blocking required.
Showing 50 of 131 reports. Archive expands automatically as new intel is generated.
Every APT & Nation-State Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.