Dark Side Intelligence Category

Malware & Criminal Tooling Intelligence

New malware families, crimeware updates, loader/dropper campaigns, C2 infrastructure, and initial access broker tooling emerging from criminal underground channels.

23 reports available. Refreshed every 5 minutes.

Malware & Criminal Tooling — Archive & Latest

Malware & Criminal Tooling

Rebex Telegram RAT, GachiLoader & TeamPCP CanisterWorm: OTX Pulse Analysis

Urgent: Active Telegram RAT targeting Vietnam, AI-themed GachiLoader, and TeamPCP supply chain wiper detected. Immediate action required.

May 3, 2026

Rebex Telegram RAT, GachiLoader & TeamPCP CanisterWorm: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns involving Telegram RATs, AI-themed infostealers, and supply chain attacks on security tools identified.

May 3, 2026

TeamPCP Supply Chain, Rebex Telegram RAT, & GachiLoader: OTX Pulse Analysis

Active campaigns detected: TeamPCP supply chain attack (CanisterWorm), Rebex RAT targeting Vietnam, and GachiLoader dropping Rhadamanthys via AI lures. Urgency: High.

May 2, 2026

TeamPCP Supply Chain Attack & GachiLoader AI Lures: OTX Pulse Analysis — Enterprise Detection Pack

OTX pulses reveal TeamPCP exploiting security tools via CVE-2025-55182, GachiLoader using AI lures, and a Rebex Telegram RAT targeting Vietnam. High urgency.

May 2, 2026

Rebex Telegram RAT, GachiLoader & TeamPCP Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns include a Telegram RAT targeting Vietnam, AI-themed GachiLoader, and TeamPCP supply chain attacks on security infrastructure. High urgency.

May 1, 2026

Telegram RAT, Rhadamanthys & ValleyRAT: OTX Pulse Analysis — Enterprise Detection Pack

Telegram RAT, GachiLoader, and Silver Fox targeting Vietnam, Japan, and AI users. High urgency detection pack provided.

Apr 30, 2026

PRISMEX, ValleyRAT, and AMOS Stealer: OTX Pulse Analysis — APT Espionage, Targeted Tax Fraud, and AI-Agent Exploitation

Active campaigns: APT28's PRISMEX suite, Silver Fox's ValleyRAT in Japan, and AMOS Stealer via Cursor AI. Urgent detection updates.

Apr 29, 2026

PRISMEX, ValleyRAT & AMOS Stealer: OTX Pulse Analysis — Enterprise Detection Pack

APT28 uses PRISMEX for espionage; Silver Fox targets Japan with ValleyRAT; AMOS Stealer exploits Cursor AI. Critical urgency.

Apr 29, 2026

EtherRAT, PRISMEX, and ValleyRAT: Multi-Front APT Campaign Analysis — Node.js Backdoors & Steganography Detection Pack

North Korean & Russian APTs target Finance & Gov sectors with EtherRAT & PRISMEX; Void Arachne hits Japan. High urgency.

Apr 29, 2026

PRISMEX, DinDoor, and ValleyRAT: OTX Pulse Analysis of APT28, MuddyWater, and Void Arachne — Enterprise Detection Pack

Analysis of active OTX pulses revealing PRISMEX (APT28), DinDoor (MuddyWater), and ValleyRAT (Void Arachne) targeting govt, finance, and manufacturing.

Apr 28, 2026

APT28 PRISMEX, MuddyWater DinDoor, & Silver Fox ValleyRAT: OTX Pulse Analysis — Enterprise Detection Pack

APT28, MuddyWater, and Silver Fox active with PRISMEX, DinDoor, and ValleyRAT targeting Gov, Finance, and Manufacturing. Urgency: High.

Apr 28, 2026

PRISMEX, DinDoor, and ValleyRAT: OTX Pulse Analysis — APT and Crime Syndicate Surge

APT28, MuddyWater, and Void Arachne active with PRISMEX, DinDoor, and ValleyRAT targeting Gov, Finance, and Manufacturing. Critical IOCs inside.

Apr 27, 2026

APT28 PRISMEX, MuddyWater DinDoor, and Tropic Trooper AdaptixC2: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns from APT28, MuddyWater, and Tropic Trooper targeting gov and finance via PRISMEX, DinDoor, and AdaptixC2. High urgency.

Apr 26, 2026

APT28 PRISMEX & MuddyWater DinDoor: Multi-Vector Malware Surge — Detection Engineering

OTX pulses reveal active campaigns by APT28 and MuddyWater deploying PRISMEX and DinDoor via steganography and Deno runtime abuse. Urgent blocking required.

Apr 25, 2026

Tropic Trooper AdaptixC2, uWarrior RAT, and Crypto Drainer Ecosystems: OTX Pulse Analysis — Enterprise Detection Pack

Tropic Trooper uses trojanized SumatraPDF; uWarrior RAT exploits RTF; hybrid crypto drainers target finance. Urgent detection required.

Apr 25, 2026

Tropic Trooper AdaptixC2 Beacon, uWarrior RAT, and Hybrid Crypto Drainers: OTX Pulse Analysis

OTX pulses expose active espionage (Tropic Trooper) and cybercrime campaigns using trojanized PDFs, RTF exploits, and drainer-as-a-service kits.

Apr 24, 2026

AdaptixC2 Framework & Gh0st RAT Loader Campaigns: OTX Pulse Analysis — Enterprise Detection Pack

Active AdaptixC2 and Gh0st RAT distribution observed alongside phishing trends. Urgent detection guidance and IOCs provided.

Apr 22, 2026

Gh0st RAT Adware Bundles, The Gentlemen RaaS & LightBasin APT: OTX Pulse Analysis — Enterprise Detection Pack

OTX detects Gh0st RAT via adware bundles, The Gentlemen ransomware utilizing SystemBC tunneling, and LightBasin targeting finance via MSPs.

Apr 21, 2026

Hydra Saiga JLORAT Espionage, JanaWare Ransomware, and Langflow AI Exploitation: OTX Pulse Analysis

Active espionage by Hydra Saiga using Telegram C2, JanaWare ransomware via Adwind RAT targeting Turkey, and mass exploitation of CVE-2026-33017 in Langflow AI pipelines.

Apr 19, 2026

Hydra Saiga, Warlock BYOVD & JanaWare: OTX Pulse Analysis — Critical Infrastructure & Ransomware Threats

OTX pulses reveal Hydra Saiga espionage, JanaWare ransomware in Turkey, and Warlock's BYOVD LockBit attacks. Immediate blocking required.

Apr 18, 2026

Adwind RAT, Warlock & Payouts King: Ransomware & EDR Evasion Analysis — Enterprise Detection Pack

Adwind RAT targeting Turkey, Warlock using BYOVD, and Payouts King leveraging EDR evasion. Urgent updates required.

Apr 17, 2026

ASO RAT, Adwind/JanaWare, and Warlock LockBit: Multi-Vector Threat Analysis — Enterprise Detection Pack

Surveillance (ASO RAT), ransomware (Warlock/LockBit), and RAT campaigns detected targeting global sectors via DDNS and BYOVD.

Apr 15, 2026

ASO RAT, Warlock LockBit, & APT37 ROKRAT: OTX Pulse Analysis — Enterprise Detection Pack

Active threats: ASO RAT surveillance, Warlock ransomware (LockBit), and APT37 ROKRAT campaigns targeting Gov and Tech. Urgent hunts required.

Apr 15, 2026
Free Detection Rules Included

Every Malware & Criminal Tooling Report Includes SIGMA & KQL Detection Rules

Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.