Credential Leaks Intelligence
Infostealer malware campaigns (Lumma, RedLine, Vidar, StealC), combo list releases on dark web forums, credential stuffing operations, and enterprise exposure reports.
Credential Leaks — Archive & Latest
GIFTEDCROOK, OtterCookie & BRICKSTORM: OTX Pulse Analysis — Multi-Vector Credential Theft Campaigns
Active campaigns by SHADOW-EARTH-066 and UNK_DeadDrop exploit WinRAR and GitHub to steal credentials. Urgent detection required.
CrySome RAT, Salat Stealer & UNK_MassTraction: Multi-Vector Credential Theft Operations — OTX Intel
Active campaigns deploy CrySome RAT and Salat Stealer for credential theft, while UNK_MassTraction exploits university mail servers. Immediate action required.
Gaming Platform Phishing & Credential Harvesting: Roblox/Minecraft Targeted Campaign Analysis
Active phishing campaign targeting children via fake Roblox/Minecraft sites. High urgency for Education sectors to block IOCs.
Pink Vishing & Global PhaaS Campaigns: OTX Credential Theft Analysis
Pink actor vishing, global smishing operations, and gaming credential theft target finance, telco, and education sectors.
Argamal RAT & Smishing-as-a-Service: Multi-Vector Credential Theft Campaigns — OTX Pulse Analysis
RAT via game mods & smishing ops targeting credentials across gaming, telecom, finance. High urgency: immediate blocking required.
BoryptGrab Stealer & Gafgyt C0XMO Botnet: OTX Pulse Analysis
Active campaigns deploying BoryptGrab stealer via GitHub impersonation and Gafgyt C0XMO botnet via router exploits. Credential theft focus.
SessionGate & BoryptGrab: TDS-Driven Infostealer Ecosystem OTX Analysis
Active campaigns using Traffic Distribution Systems (TDS) and GitHub impersonation to deploy SessionGate, RemusStealer, and BoryptGrab. Urgency: High.
TA4922 Global Expansion, Avalon Framework, and Malicious VPN Extensions: OTX Pulse Analysis — Credential Theft & Ransomware
OTX Pulse: TA4922, Avalon, and malicious VPNs drive a surge in credential theft and ransomware. Critical detection guidance inside.
RedLine, TONResolver & Blacksite: Global Credential Theft Surge — OTX Pulse Analysis
Multi-vector credential theft targeting maritime/hotel sectors via RedLine, TONResolver, and Blacksite AiTM kits. High urgency.
Akira Ransomware & Infostealer Swarm: OTX Pulse Analysis — Bumblebee, RedLine, and RMM Exploits
Active campaigns deploying Akira ransomware and stealers (RedLine, Ousaban) via SEO poisoning, RMM exploits, and AI framework vulnerabilities.
Bumblebee Loader, RedLine Stealer, and RMM Exploitation: OTX Pulse Analysis — Credential Theft & Ransomware Campaigns
Active campaigns leveraging SEO poisoning and RMM exploits to deliver Bumblebee, RedLine, and Djinn stealers, facilitating credential theft and Akira ransomware.
Credential Harvesting & Ransomware Delivery: Bumblebee, RedLine, and Ousaban Campaigns — OTX Pulse Analysis
Credential theft and ransomware delivery via SEO poisoning, RMM exploits, and maritime phishing targeting finance and tech. Urgency: High.
JINX-0164 & GHOST STADIUM: Multi-Vector Credential Theft & Ransomware Delivery Chain — OTX Pulse Analysis
Active campaigns leveraging SEO poisoning, RMM exploits, and phishing to deploy Vidar, Lumma, and Bumblebee. High urgency.
Bumblebee Loader & Akira Ransomware: SEO Poisoning and Supply Chain Attack Vector Analysis — Detection Engineering Pack
Active campaigns using Bumblebee, Djinn, and Lumma stealers via SEO poisoning and RMM exploits to deliver Akira ransomware. Urgency: High.
OTX Pulse Analysis: GHOST STADIUM, JINX-0164, and Bumblebee — Credential Theft & Ransomware Operations
Active campaigns leveraging trojanized installers, event-based phishing, and LinkedIn scams to deploy Akira, Vidar, and custom macOS stealers.
Rising Tide of Infostealers: Bumblebee, JINX-0164, and GHOST STADIUM Operations Targeting Critical Infrastructure
Active campaigns using SEO poisoning, RMM exploits, and phishing to deploy Lumma, Vidar, and Bumblebee. High urgency.
Bumblebee→Akira, KimJongRAT & Djinn Stealer: OTX Pulse Analysis — Multi-Vector Credential Theft Detection Pack
Five OTX pulses expose coordinated infostealer campaigns via SEO poisoning, RMM exploits, GitHub LOTS, and AI pipeline RCE targeting enterprise credentials.
Bumblebee, KimJongRAT & Djinn Stealer: Multi-Vector Credential Theft Campaigns — OTX Pulse Intelligence Brief
Five OTX pulses expose infostealer campaigns via SEO poisoning, RMM exploits, and LinkedIn social engineering targeting admins and developers. High urgency.
Operation Endgame Aftermath, Woodgnat & JINX-0164: Multi-Vector Infostealer & AI Infrastructure Exploitation
OTX Pulse analysis reveals active infostealer campaigns (Stealc, KimJongRAT), access brokers (Woodgnat), and exploitation of AI pipelines (Langflow). Urgency: High.
Operation Endgame, Woodgnat Mistic RAT & JINX-0164: OTX Pulse Analysis — Enterprise Detection Pack
Active MaaS takedowns mixed with new Woodgnat backdoor and JINX-0164 supply chain attacks. High credential theft urgency.
Operation Endgame Disruption & Emerging Access Brokers: Stealc, Woodgnat, and JINX-0164 Analysis
Stealc/Lumma C2 disruption alongside new Mistic backdoor and AUDIOFIX campaigns targeting crypto/tech. Urgency: High.
StealC, Mistic Backdoor & KimJongRAT: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal active infostealer (StealC), ransomware broker (Woodgnat), and APT (Kimsuky) campaigns. Immediate C2 blocking required.
Stealc, Amadey & Mistic Backdoor: Dark Web Infostealer & Access Broker Surge — OTX Pulse Analysis
OTX pulses reveal active campaigns by Stealc, Amadey, and Woodgnat's Mistic backdoor targeting enterprise credentials and facilitating ransomware access.
Infostealer Surge & Access Broker Operations: StealC, Amadey, and Mistic Backdoor Analysis
OTX pulses reveal active StealC, Amadey, and Mistic campaigns targeting credentials. Urgent detection engineering for infostealers and access brokers.
StealC, Woodgnat, and Crypto Supply Chain Assaults: OTX Pulse Analysis
Active MaaS campaigns (StealC/Amadey), targeted crypto supply chain attacks (JINX-0164), and Kimsuky RATs signal high credential theft risk.
StealC, Amadey, and Mistic: Multi-Vector Infostealer & Access Broker Surge — OTX Pulse Analysis
Active campaigns utilizing StealC, Amadey, and Mistic backdoor facilitate credential theft and initial access. Urgent blocking required.
StealC, Amadey, and JINX-0164: Cross-Platform Credential Theft Surge – OTX Pulse Analysis
Active infostealer campaigns (StealC, Amadey) and MacOS threats (JINX-0164) detected via OTX. Block IoCs immediately. Urgency: High.
Operation Endgame Disruption & Woodgnat Access Brokers: StealC, Amadey, and Mistic Backdoor Intel — Detection Pack
Op Endgame disrupts StealC/Amadey C2s; Woodgnat deploys Mistic backdoor alongside credential theft. High urgency hunts required.
StealC, Mistic, and Vidar: OTX Pulse Analysis of Multi-Vector Infostealer Operations — Enterprise Detection Pack
Surge in infostealer activity (StealC, Vidar, Mistic) targeting credentials & supply chains. Includes detection rules & IOCs.
StealC, Amadey, and Mistic Backdoor: Active Infostealer & Access Broker Campaigns — Detection Engineering
Operation Endgame disrupts Amadey/Stealc; new Mistic backdoor and KimJongRAT target critical sectors with credential theft.
StealC, Amadey & Mistic Backdoor: Credential Theft & Ransomware Access Analysis
Active infostealer campaigns (StealC, Amadey) and backdoors (Mistic, KimJongRAT) targeting credentials for ransomware access. Includes detection pack.
StealC, Amadey, and Mistic Backdoor: OTX Pulse Analysis — Enterprise Credential Theft & Access Brokerage
OTX pulses reveal active StealC, Amadey, and Woodgnat Mistic campaigns targeting credentials. C2 infrastructure and IAB activity detected. High urgency.
Infostealer Ecosystem & Credential Harvesting Operations: StealC, Amadey, Woodgnat & FortiBleed Campaigns — Enterprise Detection Pack
Coordinated infostealer campaigns targeting credentials & session tokens. Active access brokers (Woodgnat) & FortiGate harvesting detected. HIGH urgency.
StealC, Woodgnat & FortiBleed: Convergence of Infostealers and Access Brokers — OTX Pulse Analysis
Critical alert: High-volume infostealers (StealC, Lumma) and access broker Woodgnat targeting credentials and VPN infrastructure globally.
StealC, Mistic, and FortiBleed: OTX Pulse Analysis of Global Infostealers and Ransomware Access Brokers
OTX pulses reveal active StealC/Amadey infostealers, Mistic backdoor, and FortiBleed campaigns targeting FortiGate. Immediate credential hygiene and IOC blocking required.
SocGholish Takedowns & FortiBleed Infrastructure: OTX Pulse Analysis — Credential Harvesting Campaign
Analysis of SocGholish disruption, Okendo supply chain attacks, and FortiBleed credential harvesting. High urgency for credential reset.
SocGholish Disruption, SmartApeSG Supply Chain, and FortiBleed: Credential Theft & RAT Analysis
OTX Pulse analysis reveals multi-vector credential theft via fake updates, supply chain injection, and VPN brute-forcing targeting Finance/Retail.
Operation Endgame & SmartApeSG: SocGholish Takedown, Okendo Supply Chain Attack, and FortiBleed Credential Harvesting — Intel Brief
SocGholish disrupted by Op Endgame; SmartApeSG hits e-commerce via Okendo; FortiBleed targets VPNs. High-risk credential theft.
Operation Endgame Aftermath, Okendo Supply Chain & FortiBleed: Credential Theft Intel
SocGholish infrastructure disrupted, Okendo JS supply chain compromise, and FortiBleed VPN credential harvesting active. Urgent IOCs provided.
Operation Endgame, SocGholish Takedowns, and FortiBleed Credential Harvesting: OTX Pulse Analysis — Enterprise Detection Pack
Analysis of Operation Endgame disruption of SocGholish, Okendo supply chain attack, and FortiBleed VPN credential harvesting. High urgency.
Operation Endgame: SocGholish Disruption, Okendo Supply Chain Attack & FortiBleed Credential Harvesting — OTX Pulse Analysis
SocGholish infrastructure disrupted by law enforcement, Okendo supply chain compromised, and FortiBleed VPN credential harvesting active. High urgency.
Operation Endgame Disruption & AI-Driven ClickFix: OTX Pulse Analysis on SocGholish, SmartRAT, and Infostealer Supply Chains
OTX pulses reveal SocGholish disruption by Op Endgame, Okendo supply chain attacks, and AI-driven ClickFix campaigns delivering SmartRAT.
Operation Endgame Disruption & SmartRAT Credential Theft: OTX Pulse Analysis
Credential theft via SmartRAT & supply chain attacks rises as SocGholish falls. Detection engineering guide included.
Intelligence Brief: Operation Endgame Disruption, Okendo Supply Chain & ClickFix AI Campaigns
Active credential theft campaigns via Okendo supply chain, AI-powered ClickFix, and SocGholish remnants delivering SmartRAT, LummaC2, and stealers.
Operation Endgame Aftermath & SmartRAT ClickFix Surge: OTX Pulse Analysis
TA569 SocGholish infrastructure disrupted, but SmartRAT and infostealers surge via supply chain attacks and AI-driven ClickFix campaigns.
SocGholish Fake Updates, SmartRAT ClickFix & Infostealer Supply Chain: OTX Pulse Analysis
Active SocGholish, SmartRAT ClickFix, and Okendo supply chain attacks targeting finance and retail with credential theft malware.
Operation Endgame Disrupts SocGholish: Emerging INC Ransomware & Multi-Vector Infostealer Campaigns — Enterprise Detection Pack
Law enforcement disrupts SocGholish malware; INC ransomware rises; supply chain attacks target retail; infostealers and SmartRAT exploit AI-generated campaigns. HIGH urgency.
SocGholish Takedown, INC Ransomware Evolution & Supply Chain Injection: OTX Pulse Intelligence
Major law enforcement takedown of SocGholish infrastructure alongside rising INC Ransomware and SmartRAT supply chain attacks targeting finance and retail.
Operation Endgame Aftermath: SocGholish Disruption & AI-Generated ClickFix Infostealers
Critical analysis of SocGholish disruption, AI-powered ClickFix campaigns delivering SmartRAT, and the Okendo supply chain attack targeting retail credentials.
Operation Endgame Disruption & AI-Driven ClickFix: SocGholish, SmartRAT, and INC Ransomware Intelligence Briefing
OTX analysis of TA569 takedown, new SmartApeSG supply chain attacks, and AI-generated ClickFix campaigns delivering SmartRAT and INC ransomware.
Showing 50 of 242 reports. Archive expands automatically as new intel is generated.
Every Credential LeaksReport Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.