Dark Side Intelligence Category

Malware & Criminal Tooling Intelligence

New malware families, crimeware updates, loader/dropper campaigns, C2 infrastructure, and initial access broker tooling emerging from criminal underground channels.

84 reports availableRefreshed every 5 minutes

Malware & Criminal Tooling — Archive & Latest

50 reports loaded
Malware & Criminal Tooling

BabaDeda Loader: ClickFix Malware Campaign Analysis — Enterprise Detection Pack

Evolving BabaDeda loader using ClickFix technique for payload delivery. Urgent: block identified C2 IPs and hunt for installer-based infections.

Jul 6, 2026
Read →
Malware & Criminal Tooling

Nezha Web Shell Campaign & BabaDeda ClickFix Loader: OTX Pulse Analysis — Enterprise Detection Pack

OTX pulses reveal active abuse of Nezha monitoring tool via phpMyAdmin log poisoning and the evolution of the BabaDeda ClickFix loader.

Jul 6, 2026
Read →
Malware & Criminal Tooling

AsyncRAT & Remcos Steganography Campaign: OTX Pulse Analysis — Enterprise Detection Pack

Active global phishing campaign using Excel macros and steganography to deliver AsyncRAT/Remcos. High urgency.

Jul 5, 2026
Read →
Malware & Criminal Tooling

CastleRAT, AsyncRAT & Havoc Framework: Multi-Vector Malware Campaign Analysis — Detection Pack

Active campaigns utilizing ClickFix, steganography, and tax lures delivering CastleRAT, AsyncRAT, and Havoc. High urgency.

Jul 5, 2026
Read →
Malware & Criminal Tooling

RustDuck Botnet, AsyncRAT Sideloading & Gamaredon GammaWorm: OTX Pulse Analysis — Enterprise Detection Pack

Critical surge in threats: RustDuck IoT DDoS botnet, AsyncRAT via typosquatting, and Gamaredon espionage targeting Ukraine.

Jul 2, 2026
Read →
Malware & Criminal Tooling

Gamaredon APT, BTMOB Android RAT & Malicious VPN Extensions: OTX Pulse Analysis

FSB-linked Gamaredon targeting Ukraine, Android RAT surge in LatAm, and clipper malware distributed via trojanized VPN extensions.

Jul 1, 2026
Read →
Malware & Criminal Tooling

GHOST STADIUM, Millenium RAT, and LokiBot: OTX Pulse Analysis — Phishing, MaaS, and Infostealer Campaigns

Active campaigns detected: FIFA World Cup phishing (Vidar/Lumma), Millenium RAT MaaS, and LokiBot infostealer. High urgency for credential protection.

Jun 29, 2026
Read →
Malware & Criminal Tooling

FortiBleed Harvesters & Ghost Stadium Phish: OTX Pulse Analysis — Steganography & Credential Theft

Three active threats: FortiBleed FortiGate harvester, multi-stage stego loaders (Remcos/Agent Tesla), and Ghost Stadium FIFA fraud.

Jun 26, 2026
Read →
Malware & Criminal Tooling

StrikeShark Campaign & macOS.Gaslight Backdoor: OTX Pulse Analysis — Multi-Vector Threat Briefing

Active StrikeShark exploitation, DPRK macOS.Gaslight backdoor, and PostCSS supply chain RAT detected. High urgency for gov/tech sectors.

Jun 24, 2026
Read →
Malware & Criminal Tooling

Lazarus Supply Chain & Cloud Atlas APT: OTX Pulse Analysis — Multi-Vector Malware Detection Pack

Urgent: Lazarus 3CX supply chain attack and Cloud Atlas APT campaigns targeting Gov/Healthcare. IOCs and detection rules inside.

Jun 23, 2026
Read →
Malware & Criminal Tooling

Lazarus Supply Chain & Cloud Atlas RATs: OTX Pulse Analysis — Global Threat Briefing

Lazarus targets finance/energy via trojanized 3CX; Cloud Atlas and unknown actors hit gov/healthcare with stealers and RATs. Urgency: High.

Jun 22, 2026
Read →
Malware & Criminal Tooling

Shai-Hulud npm Worm, Cloud Atlas APT, & Gentlemen RaaS: OTX Pulse Analysis — Enterprise Detection Pack

OTX pulses reveal active supply-chain attacks via npm, Cloud Atlas APT targeting government, and Gentlemen ransomware defense evasion tactics.

Jun 21, 2026
Read →
Malware & Criminal Tooling

Shai-Hulud Supply Chain Attack, Cloud Atlas APT Recon, and The Gentlemen RaaS Evasion: OTX Pulse Analysis

Critical threats: Shai-Hulud npm worm, Cloud Atlas phishing new payloads, and The Gentlemen ransomware clearing logs.

Jun 21, 2026
Read →
Malware & Criminal Tooling

Shai-Hulud NPM Worm, The Gentlemen RaaS, & ClickFix Polymorphism: OTX Pulse Analysis

Active npm supply-chain attacks, evasive ransomware TTPs, and polymorphic ClickFix campaigns detected. High urgency for credential theft.

Jun 20, 2026
Read →
Malware & Criminal Tooling

Operation Endgame Aftermath: SocGholish, NPM Shai-Hulud Worm, and ClickFix Fileless Attacks

Briefing on SocGholish infrastructure disruption, npm Shai-Hulud worms, and ClickFix fileless attacks. Critical detection guidance included.

Jun 20, 2026
Read →
Malware & Criminal Tooling

Operation Endgame Disruption & Shai-Hulud Supply Chain: TA569, GoldFactory, and NPM Threats

TA569 infrastructure disrupted; Shai-Hulud worm hits npm; GoldFactory tax fraud active. Block IOCs immediately.

Jun 19, 2026
Read →
Malware & Criminal Tooling

Shai-Hulud, ShinyHunters (CVE-2026-35273), & Potemkin Loader: OTX Pulse Analysis — Enterprise Detection Pack

Active NPM supply chain attack, Oracle PeopleSoft zero-day exploitation, and Potemkin ClickFix loader campaign detected. High urgency.

Jun 18, 2026
Read →
Malware & Criminal Tooling

Potemkin Loader, AsyncRAT AI Lures & APT37 NarwhalRAT: OTX Pulse Analysis — Enterprise Detection Pack

Urgent OTX pulses reveal ClickFix attacks delivering Potemkin/RMMProject, AI-themed AsyncRAT campaigns, and APT37 NarwhalRAT spear-phishing.

Jun 17, 2026
Read →
Malware & Criminal Tooling

ShinyHunters, Potemkin & AsyncRAT Campaigns: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns: UNC6240 targeting Education via Oracle RCE, and widespread Potemkin/AsyncRAT distribution via ClickFix & AI lures.

Jun 16, 2026
Read →
Malware & Criminal Tooling

AsyncRAT, APT37 NarwhalRAT & OnyxC2: OTX Pulse Analysis of Active RAT & Stealer Campaigns

Active campaigns delivering AsyncRAT via AI lures, APT37's NarwhalRAT, and OnyxC2 MaaS. High urgency due to credential theft.

Jun 15, 2026
Read →
Malware & Criminal Tooling

4BID Hacktivist Ops, Needle Crypto-Stealer, & The Gentlemen Ransomware: OTX Pulse Analysis

OTX pulses reveal active 4BID hacktivism via ProxyShell, Needle MaaS crypto-theft, and The Gentlemen ransomware targeting critical sectors.

Jun 14, 2026
Read →
Malware & Criminal Tooling

The Gentlemen RaaS & AI Supply Chain Poisoning: SystemBC, AMOS Stealer, and CVE-2024-55591 Exploitation

Active RaaS operation Storm-2697 exploits CVE-2024-55591 while threat actors poison AI supply chains with AMOS Stealer. Urgent patching required.

Jun 12, 2026
Read →
Malware & Criminal Tooling

The Gentlemen RaaS (Storm-2697) & AI Supply Chain (AMOS Stealer): OTX Pulse Analysis

Alert: The Gentlemen ransomware exploiting CVE-2024-55591 and AI supply chain trojans dropping AMOS stealer. High urgency.

Jun 12, 2026
Read →
Malware & Criminal Tooling

OTX Pulse Analysis: 4BID Hacktivist Operations & PAN-OS Zero-Day Exploitation (CL-STA-1132)

4BID group leverages ProxyShell/Sliver to target Gov/Healthcare; CL-STA-1132 exploits PAN-OS zero-day; GriefLure hits Vietnam/Philippines.

Jun 10, 2026
Read →
Malware & Criminal Tooling

ClickFix RATs & CL-STA-1132 PAN-OS Exploitation: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns targeting macOS/Windows with ClickFix (CastleLoader/AMOS) and critical PAN-OS zero-day exploitation by CL-STA-1132.

Jun 9, 2026
Read →
Malware & Criminal Tooling

ClickFix Campaigns & PAN-OS Exploitation: OTX Pulse Analysis — CastleLoader, macOS Infostealers, and EarthWorm

Active ClickFix campaigns delivering CastleLoader/macOS infostealers plus CL-STA-1132 exploiting PAN-OS zero-days for tunneling.

Jun 9, 2026
Read →
Malware & Criminal Tooling

Remus Stealer, Gamaredon GammaSteel, and macOS ClickFix Campaigns: OTX Pulse Analysis — Enterprise Detection Pack

Active detection guidance for Remus/Lumma evolution, macOS ClickFix infostealers, and Gamaredon's GammaSteel targeting Ukraine.

Jun 8, 2026
Read →
Malware & Criminal Tooling

ClickFix macOS Campaigns, Remus Browser Bypass, and Gamaredon GammaSteel Espionage: OTX Pulse Intelligence

Active macOS ClickFix infostealers, Remus browser encryption bypass, and Gamaredon GammaSteel targeting Ukraine analyzed via OTX pulses.

Jun 8, 2026
Read →
Malware & Criminal Tooling

ClickFix & Gamaredon Operations: MacOS Stealers and GammaSteel Espionage — OTX Pulse Analysis

Active ClickFix macOS campaigns delivering AMOS/Shub stealer alongside Gamaredon's GammaSteel targeting Ukraine. Critical IOCs and detection engineering included.

Jun 7, 2026
Read →
Malware & Criminal Tooling

Remus Stealer, Gamaredon GammaSteel, and CloudZ Pheno: OTX Pulse Analysis — Enterprise Detection Pack

Active info-stealers and espionage tooling targeting credentials and OTPs via Phone Link and browser bypasses. Urgent patching required.

Jun 6, 2026
Read →
Malware & Criminal Tooling

Remus Stealer, Gamaredon GammaSteel & CloudZ RAT: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns featuring Remus ABE bypass, Gamaredon's GammaSteel registry persistence, and CloudZ OTP theft via Phone Link. Urgency: High.

Jun 6, 2026
Read →
Malware & Criminal Tooling

CloudZ OTP Theft, UAT-8302 APT Intrusions, and DesckVB RAT: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns feature CloudZ OTP theft via Microsoft Phone Link, UAT-8302 exploiting CVE-2025-0994, and DesckVB malspam. High urgency.

Jun 5, 2026
Read →
Malware & Criminal Tooling

DesckVB RAT, Kali365 PhaaS, and Gamaredon GammaWorm: OTX Pulse Analysis — Multi-Vector Threat Landscape

Live OTX intel: Active campaigns involving DesckVB RAT malspam, Kali365 OAuth token theft, and Gamaredon espionage tools detected. Urgency: High.

Jun 4, 2026
Read →
Malware & Criminal Tooling

Gamaredon GammaWorm, SideCopy XenoRAT, and BTMOB MaaS Campaigns: OTX Pulse Analysis & Enterprise Detection Pack

Active espionage and malware campaigns targeting Ukraine, Afghanistan, and LATAM. Gamaredon, SideCopy, and BTMOB using HTA persistence, RAR exploits, and Android RATs. High Urgency.

Jun 3, 2026
Read →
Malware & Criminal Tooling

XenoRAT, BTMOB, and The Gentlemen: OTX Pulse Analysis — Enterprise Detection Pack

Active OTX pulses reveal SideCopy targeting Afghanistan with XenoRAT, BTMOB Android RAT in LatAm, and The Gentlemen RaaS ransomware.

Jun 1, 2026
Read →
Malware & Criminal Tooling

Laravel Supply Chain RCE, SideCopy XenoRAT Campaigns, and The Gentlemen RaaS Activity — Enterprise Detection Pack

Urgent OTX Analysis: Laravel supply chain RCE, SideCopy XenoRAT targeting Afghan Finance, and The Gentlemen RaaS propagation detected.

May 31, 2026
Read →
Malware & Criminal Tooling

Laravel Supply Chain Attack, SideCopy XenoRAT Campaign, & The Gentlemen RaaS: OTX Pulse Analysis

Active threats: Laravel supply chain backdoor, SideCopy XenoRAT targeting Afghanistan, and The Gentlemen RaaS emergence. High urgency.

May 31, 2026
Read →
Malware & Criminal Tooling

Laravel Supply Chain Attack, SideCopy XenoRAT, and The Gentlemen RaaS: OTX Pulse Analysis

Critical analysis of Laravel backdoors, SideCopy APT targeting Afghanistan, and The Gentlemen RaaS. Immediate action required.

May 30, 2026
Read →
Malware & Criminal Tooling

Operation XENOFISCAL & The Gentlemen: OTX Pulse Analysis — SideCopy XenoRAT, Storm-2697 RaaS & FortiClient EMS Exploitation

SideCopy targets Afghan Finance with XenoRAT; Storm-2697 deploys 'The Gentlemen' ransomware; FortiClient EMS exploited for EKZ infostealer. Critical patches required.

May 29, 2026
Read →
Malware & Criminal Tooling

Operation XENOFISCAL & Storm-2697: XenoRAT, The Gentlemen RaaS, and FortiClient EMS Exploitation — OTX Pulse Intelligence

SideCopy's XenoRAT targets Afghanistan MoF; Storm-2697's Gentlemen RaaS propagates; FortiClient EMS exploited to deliver EKZ Infostealer.

May 29, 2026
Read →
Malware & Criminal Tooling

DinDoor Backdoor, AdaptixC2 & The Gentlemen RaaS: Multi-Vector OTX Pulse Analysis — Enterprise Detection Pack

Active MuddyWater and Tropic Trooper campaigns use Deno runtime and trojanized PDFs; Gentlemen RaaS ramps up defense evasion. High urgency.

May 24, 2026
Read →
Malware & Criminal Tooling

DinDoor Backdoor, AdaptixC2 Beacon, and The Gentlemen RaaS: OTX Threat Landscape Analysis — Detection & Response

Active OTX pulses reveal MuddyWater's Deno-based malware, Tropic Trooper's trojanized PDFs, and The Gentlemen ransomware. Critical detection engineering.

May 23, 2026
Read →
Malware & Criminal Tooling

The Gentlemen RaaS, Webworm APT, & AI Impersonation Infostealers: OTX Pulse Analysis — Enterprise Detection Pack

OTX pulses reveal active RaaS, China-aligned espionage, and AI-themed SEO poisoning. Urgent hunting required.

May 22, 2026
Read →
Malware & Criminal Tooling

The Gentlemen RaaS, Webworm APT, and AI SEO Poisoning: OTX Pulse Analysis — Enterprise Detection Pack

RaaS (The Gentlemen) and APT (Webworm) campaigns intersect with AI-themed infostealers targeting developers. Critical detection guidance provided.

May 22, 2026
Read →
Malware & Criminal Tooling

Webworm APT, FrostyNeighbor Espionage, and Ghost CMS Mass Exploit: OTX Pulse Analysis

China-aligned Webworm & Belarus FrostyNeighbor target Europe; Ghost CMS mass exploits fuel ClickFix attacks. High urgency.

May 21, 2026
Read →
Malware & Criminal Tooling

Shai-Hulud npm Worm, SHub Reaper macOS Stealer, and Nexcorium IoT Botnet: OTX Pulse Analysis

OTX pulses reveal Shai-Hulud npm supply chain attacks, SHub Reaper macOS spoofing, and Nexcorium IoT exploitation. Critical priority.

May 20, 2026
Read →
Malware & Criminal Tooling

Nexcorium IoT Botnet, UNC1945 Financial Threats, and NKAbuse Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack

Active campaigns involving Nexcorium IoT botnet, UNC1945 targeting finance, and NKAbuse via HuggingFace. Urgent detection required.

May 18, 2026
Read →
Malware & Criminal Tooling

ASO RAT Surveillance & NKAbuse Blockchain Botnet: OTX Pulse Analysis — Enterprise Detection Pack

Active Arabic Android RAT targeting Syria + macOS/crypto stealer notnullOSX. Urgent C2 blocking required.

May 16, 2026
Read →
Malware & Criminal Tooling

Kimsuky PebbleDash, Vidar Stealer & ASO RAT: OTX Pulse Analysis — Enterprise Detection Pack

Urgent intel on Kimsuky's new Rust backdoors, Vidar Stealer via AutoIt loaders, and ASO RAT surveillance. High risk to Gov/Defense sectors.

May 14, 2026
Read →
Malware & Criminal Tooling

ASO RAT, Vidar Stealer, and Kimsuky PebbleDash: OTX Pulse Intelligence Brief

Live OTX analysis of ASO RAT surveillance, Vidar Stealer AutoIt loaders, and Kimsuky's Rust backdoors. High urgency for credential theft and espionage.

May 14, 2026
Read →

Showing 50 of 84 reports. Archive expands automatically as new intel is generated.

Free Detection Rules Included

Every Malware & Criminal ToolingReport Includes SIGMA & KQL Detection Rules

Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.