Malware & Criminal Tooling Intelligence
New malware families, crimeware updates, loader/dropper campaigns, C2 infrastructure, and initial access broker tooling emerging from criminal underground channels.
Malware & Criminal Tooling — Archive & Latest
DinDoor Backdoor, AdaptixC2 Beacon, and The Gentlemen RaaS: OTX Threat Landscape Analysis — Detection & Response
Active OTX pulses reveal MuddyWater's Deno-based malware, Tropic Trooper's trojanized PDFs, and The Gentlemen ransomware. Critical detection engineering.
The Gentlemen RaaS, Webworm APT, & AI Impersonation Infostealers: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal active RaaS, China-aligned espionage, and AI-themed SEO poisoning. Urgent hunting required.
The Gentlemen RaaS, Webworm APT, and AI SEO Poisoning: OTX Pulse Analysis — Enterprise Detection Pack
RaaS (The Gentlemen) and APT (Webworm) campaigns intersect with AI-themed infostealers targeting developers. Critical detection guidance provided.
Webworm APT, FrostyNeighbor Espionage, and Ghost CMS Mass Exploit: OTX Pulse Analysis
China-aligned Webworm & Belarus FrostyNeighbor target Europe; Ghost CMS mass exploits fuel ClickFix attacks. High urgency.
Shai-Hulud npm Worm, SHub Reaper macOS Stealer, and Nexcorium IoT Botnet: OTX Pulse Analysis
OTX pulses reveal Shai-Hulud npm supply chain attacks, SHub Reaper macOS spoofing, and Nexcorium IoT exploitation. Critical priority.
Nexcorium IoT Botnet, UNC1945 Financial Threats, and NKAbuse Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns involving Nexcorium IoT botnet, UNC1945 targeting finance, and NKAbuse via HuggingFace. Urgent detection required.
ASO RAT Surveillance & NKAbuse Blockchain Botnet: OTX Pulse Analysis — Enterprise Detection Pack
Active Arabic Android RAT targeting Syria and the notnullOSX macOS/crypto stealer. Urgent C2 blocking required.
Kimsuky PebbleDash, Vidar Stealer & ASO RAT: OTX Pulse Analysis — Enterprise Detection Pack
Urgent intel on Kimsuky's new Rust backdoors, Vidar Stealer via AutoIt loaders, and ASO RAT surveillance. High risk to Gov/Defense sectors.
ASO RAT, Vidar Stealer, and Kimsuky PebbleDash: OTX Pulse Intelligence Brief
Live OTX analysis of ASO RAT surveillance, Vidar Stealer AutoIt loaders, and Kimsuky's Rust backdoors. High urgency for credential theft and espionage.
ASO RAT, Vidar Stealer Loader, and Kimsuky APT Campaigns: OTX Pulse Analysis — Enterprise Detection Pack
Active surveillance (ASO RAT), info-stealing loaders (Vidar), and DPRK phishing (Kimsuky) detected. High urgency for credential theft.
Needle C2, PCPJack Cloud Worm & Beagle Backdoor: OTX Pulse Analysis — Enterprise Detection Pack
Active MaaS crypto-stealer (Needle), cloud worm (PCPJack), and AI-themed backdoor (Beagle) campaigns. Urgent IOC enforcement required.
Remus Stealer, ClickFix macOS Infostealers, and Malicious OpenClaw Skills: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns: Remus bypassing browser encryption, ClickFix macOS attacks, and OpenClaw delivering Remcos RAT via AI agents.
Remcos RAT, Remus Stealer & macOS ClickFix: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns distributing Remcos RAT via AI lures, Remus Stealer bypassing browser encryption, and macOS ClickFix infostealers.
ClickFix macOS Lures, Remus Stealer, & OpenClaw RAT Supply Chain: OTX Pulse Analysis
Active campaigns using ClickFix macOS lures and malicious OpenClaw skills to deliver AMOS, Remus, and Remcos RAT. High urgency.
Remus Stealer & Weaponized AI Frameworks: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns deploying Remus Stealer, ClickFix macOS infostealers, and Remcos RAT via malicious AI skills. Urgent C2 blocking required.
Remus Stealer, ClickFix & AI Framework Abuse: Cross-Platform Infostealer Campaigns — OTX Pulse Analysis
Active ClickFix macOS campaigns distributing AMOS/Shub; Remus stealer bypassing browser encryption; OpenClaw AI abuse delivering Remcos RAT.
Trigona Exfiltration Tooling, OceanLotus PyPI Supply Chain & QUIC RAT in DAEMON Tools: OTX Pulse Analysis — Enterprise Detection Pack
Trigona custom exfil, OceanLotus PyPI supply chain, and QUIC RAT in DAEMON Tools detected. Urgency: Critical. Hunt for hashes now.
GhostSocks Proxy & Remcos RAT: OTX Pulse Analysis — AI Framework & Mobile Link Exploits
Intelligence on GhostSocks proxy malware, Remcos RAT via OpenClaw AI, and CloudZ OTP theft targeting Education and Enterprise sectors.
MioLab Stealer, GhostSocks Proxy & CloudZ RAT: Multi-Vector Malware Campaign Analysis
Active OTX pulses reveal the macOS MioLab stealer, the GhostSocks residential proxy botnet, and CloudZ RAT exploiting Phone Link for OTP theft.
MioLab Stealer, GhostSocks Proxy Botnet, and Trigona Exfil Tool: OTX Pulse Analysis — Enterprise Detection Pack
Emerging MaaS threats: MioLab macOS stealer, GhostSocks proxy network, and Trigona custom exfiltration tool detected via OTX.
Rebex Telegram RAT, GachiLoader & TeamPCP CanisterWorm: OTX Pulse Analysis
Urgent: Active Telegram RAT targeting Vietnam, AI-themed GachiLoader, and TeamPCP supply chain wiper detected. Immediate action required.
Rebex Telegram RAT, GachiLoader & TeamPCP CanisterWorm: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns involving Telegram RATs, AI-themed infostealers, and supply chain attacks on security tools identified.
TeamPCP Supply Chain, Rebex Telegram RAT, & GachiLoader: OTX Pulse Analysis
Active campaigns detected: TeamPCP supply chain attack (CanisterWorm), Rebex RAT targeting Vietnam, and GachiLoader dropping Rhadamanthys via AI lures. Urgency: High.
TeamPCP Supply Chain Attack & GachiLoader AI Lures: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal TeamPCP exploiting security tools via CVE-2025-55182, GachiLoader using AI lures, and a Rebex Telegram RAT targeting Vietnam. High urgency.
Rebex Telegram RAT, GachiLoader & TeamPCP Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns include a Telegram RAT targeting Vietnam, AI-themed GachiLoader, and TeamPCP supply chain attacks on security infrastructure. High urgency.
Telegram RAT, Rhadamanthys & ValleyRAT: OTX Pulse Analysis — Enterprise Detection Pack
Telegram RAT, GachiLoader, and Silver Fox targeting Vietnam, Japan, and AI users. High urgency detection pack provided.
PRISMEX, ValleyRAT, and AMOS Stealer: OTX Pulse Analysis — APT Espionage, Targeted Tax Fraud, and AI-Agent Exploitation
Active campaigns: APT28's PRISMEX suite, Silver Fox's ValleyRAT in Japan, and AMOS Stealer via Cursor AI. Urgent detection updates.
PRISMEX, ValleyRAT & AMOS Stealer: OTX Pulse Analysis — Enterprise Detection Pack
APT28 uses PRISMEX for espionage; Silver Fox targets Japan with ValleyRAT; AMOS Stealer exploits Cursor AI. Critical urgency.
EtherRAT, PRISMEX, and ValleyRAT: Multi-Front APT Campaign Analysis — Node.js Backdoors & Steganography Detection Pack
North Korean & Russian APTs target Finance & Gov sectors with EtherRAT & PRISMEX; Void Arachne hits Japan. High urgency.
PRISMEX, DinDoor, and ValleyRAT: OTX Pulse Analysis of APT28, MuddyWater, and Void Arachne — Enterprise Detection Pack
Analysis of active OTX pulses revealing PRISMEX (APT28), DinDoor (MuddyWater), and ValleyRAT (Void Arachne) targeting govt, finance, and manufacturing.
APT28 PRISMEX, MuddyWater DinDoor, & Silver Fox ValleyRAT: OTX Pulse Analysis — Enterprise Detection Pack
APT28, MuddyWater, and Silver Fox active with PRISMEX, DinDoor, and ValleyRAT targeting Gov, Finance, and Manufacturing. Urgency: High.
PRISMEX, DinDoor, and ValleyRAT: OTX Pulse Analysis — APT and Crime Syndicate Surge
APT28, MuddyWater, and Void Arachne active with PRISMEX, DinDoor, and ValleyRAT targeting Gov, Finance, and Manufacturing. Critical IOCs inside.
APT28 PRISMEX, MuddyWater DinDoor, and Tropic Trooper AdaptixC2: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns from APT28, MuddyWater, and Tropic Trooper targeting gov and finance via PRISMEX, DinDoor, and AdaptixC2. High urgency.
APT28 PRISMEX & MuddyWater DinDoor: Multi-Vector Malware Surge — Detection Engineering
OTX pulses reveal active campaigns by APT28 and MuddyWater deploying PRISMEX and DinDoor via steganography and Deno runtime abuse. Urgent blocking required.
Tropic Trooper AdaptixC2, uWarrior RAT, and Crypto Drainer Ecosystems: OTX Pulse Analysis — Enterprise Detection Pack
Tropic Trooper uses trojanized SumatraPDF; uWarrior RAT exploits RTF; hybrid crypto drainers target finance. Urgent detection required.
Tropic Trooper AdaptixC2 Beacon, uWarrior RAT, and Hybrid Crypto Drainers: OTX Pulse Analysis
OTX pulses expose active espionage (Tropic Trooper) and cybercrime campaigns using trojanized PDFs, RTF exploits, and drainer-as-a-service kits.
AdaptixC2 Framework & Gh0st RAT Loader Campaigns: OTX Pulse Analysis — Enterprise Detection Pack
Active AdaptixC2 and Gh0st RAT distribution observed alongside phishing trends. Urgent detection guidance and IOCs provided.
Gh0st RAT Adware Bundles, The Gentlemen RaaS & LightBasin APT: OTX Pulse Analysis — Enterprise Detection Pack
OTX detects Gh0st RAT via adware bundles, The Gentlemen ransomware utilizing SystemBC tunneling, and LightBasin targeting finance via MSPs.
Hydra Saiga JLORAT Espionage, JanaWare Ransomware, and Langflow AI Exploitation: OTX Pulse Analysis
Active espionage by Hydra Saiga using Telegram C2, JanaWare ransomware via Adwind RAT targeting Turkey, and mass exploitation of CVE-2026-33017 in Langflow AI pipelines.
Hydra Saiga, Warlock BYOVD & JanaWare: OTX Pulse Analysis — Critical Infrastructure & Ransomware Threats
OTX pulses reveal Hydra Saiga espionage, JanaWare ransomware in Turkey, and Warlock's BYOVD LockBit attacks. Immediate blocking required.
Adwind RAT, Warlock & Payouts King: Ransomware & EDR Evasion Analysis — Enterprise Detection Pack
Adwind RAT targeting Turkey, Warlock using BYOVD, and Payouts King leveraging EDR evasion. Urgent updates required.
ASO RAT, Adwind/JanaWare, and Warlock LockBit: Multi-Vector Threat Analysis — Enterprise Detection Pack
Surveillance (ASO RAT), ransomware (Warlock/LockBit), and RAT campaigns detected targeting global sectors via DDNS and BYOVD.
ASO RAT, Warlock LockBit, & APT37 ROKRAT: OTX Pulse Analysis — Enterprise Detection Pack
Active threats: ASO RAT surveillance, Warlock ransomware (LockBit), and APT37 ROKRAT campaigns targeting Gov and Tech. Urgent hunts required.
Every Malware & Criminal Tooling Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.