Dark Side Intelligence Category

Telegram Intel Intelligence

Live threat intelligence collected from criminal Telegram channels — real-time threat actor communications, malware distribution campaigns, and first-look intelligence before it hits mainstream reporting.

749 reports availableRefreshed every 5 minutes

Telegram Intel — Archive & Latest

50 reports loaded
Telegram Intel

GIFTEDCROOK, Overlord & BRICKSTORM: OTX Pulse Analysis — Multi-Front APT Campaigns & Detection Pack

Russian, North Korean, and Chinese APTs target Ukraine, US Devs, and MSPs via WinRAR flaws, GitHub phishing, and edge device compromise.

Jul 8, 2026
Read →
Telegram Intel

GIFTEDCROOK, OtterCookie & BRICKSTORM: OTX Pulse Analysis — Multi-Vector Credential Theft Campaigns

Active campaigns by SHADOW-EARTH-066 and UNK_DeadDrop exploit WinRAR and GitHub to steal credentials. Urgent detection required.

Jul 8, 2026
Read →
Telegram Intel

THEGENTLEMEN Ransomware: Global Surge in Critical Infrastructure Targeting & Exploitation of Firewall Vulnerabilities

THEGENTLEMEN claims 15+ victims in 24 hours targeting Energy, Tech, and Manufacturing. Urgent patching of Check Point and Cisco CVEs required.

Jul 8, 2026
Read →
Telegram Intel

Salat Stealer, UNK_MassTraction & Cavern Manticore: OTX Pulse Analysis — Multi-Vector APT Campaigns

Three active campaigns: Salat Stealer infostealer, UNK_MassTraction exploiting Roundcube in universities, and Iran-linked Cavern Manticore targeting Israel. High urgency.

Jul 7, 2026
Read →
Telegram Intel

CrySome RAT, Salat Stealer & UNK_MassTraction: Multi-Vector Credential Theft Operations — OTX Intel

Active campaigns deploy CrySome RAT and Salat Stealer for credential theft, while UNK_MassTraction exploits university mail servers. Immediate action required.

Jul 7, 2026
Read →
Telegram Intel

QILIN Ransomware: 15 New Victims Posted — Construction & Business Services Targeted via Check Point & ScreenConnect Exploits

QILIN ransomware targets Business Services and Construction sectors using Check Point and ScreenConnect exploits. Immediate patching advised.

Jul 6, 2026
Read →
Telegram Intel

BabaDeda Loader: ClickFix Malware Campaign Analysis — Enterprise Detection Pack

Evolving BabaDeda loader using ClickFix technique for payload delivery. Urgent: block identified C2 IPs and hunt for installer-based infections.

Jul 6, 2026
Read →
Telegram Intel

SAFEPAY Ransomware: Aggressive German Sector Targeting & Critical Infrastructure Exploits

SAFEPAY targets German Health, Transport, Public Sector; exploits Check Point & Cisco CVEs.

Jul 6, 2026
Read →
Telegram Intel

Nezha Web Shell Campaign & BabaDeda ClickFix Loader: OTX Pulse Analysis — Enterprise Detection Pack

OTX pulses reveal active abuse of Nezha monitoring tool via phpMyAdmin log poisoning and the evolution of the BabaDeda ClickFix loader.

Jul 6, 2026
Read →
Telegram Intel

PAYLOAD Ransomware: Central European Campaign Targeting Energy and Agriculture via Firewall Exploits

PAYLOAD gang hits Energy and Food sectors in CH, IT, DE. Exploits targeting Check Point VPNs and Cisco FMC observed.

Jul 6, 2026
Read →
Telegram Intel

AsyncRAT & Remcos Steganography Campaign: OTX Pulse Analysis — Enterprise Detection Pack

Active global phishing campaign using Excel macros and steganography to deliver AsyncRAT/Remcos. High urgency.

Jul 5, 2026
Read →
Telegram Intel

OP-512 China-Linked Espionage + UNC3753 Targeted Campaigns: GhostKit, PlugX, Cobalt Strike, BazarLoader, TrickBot - OTX Pulse Analysis — Enterprise Detection Pack

China-linked OP-512 targets IIS with GhostKit; UNC3753 attacks US law firms with BazarLoader/TrickBot. HIGH PRIORITY threat intel.

Jul 5, 2026
Read →
Telegram Intel

CastleRAT, AsyncRAT & Havoc Framework: Multi-Vector Malware Campaign Analysis — Detection Pack

Active campaigns utilizing ClickFix, steganography, and tax lures delivering CastleRAT, AsyncRAT, and Havoc. High urgency.

Jul 5, 2026
Read →
Telegram Intel

Gaming Platform Phishing & Credential Harvesting: Roblox/Minecraft Targeted Campaign Analysis

Active phishing campaign targeting children via fake Roblox/Minecraft sites. High urgency for Education sectors to block IOCs.

Jul 5, 2026
Read →
Telegram Intel

GENESIS Ransomware Gang: 9 New US Victims Targeted — Critical Firewall & VPN Exploitation Detected

Genesis gang posts 9 US victims in Healthcare & Tech. Actively exploiting Check Point (CVE-2026-50751) and Cisco FMC flaws for initial access.

Jul 5, 2026
Read →
Telegram Intel

MarkiRAT Surveillance Operations + Pink Vishing Campaign + Global Smishing Network: OTX Pulse Analysis — Enterprise Detection Pack

Iran's TAG-182 using MarkiRAT; Pink gang with vishing; massive smishing op. High urgency for global enterprises.

Jul 4, 2026
Read →
Telegram Intel

Pink Vishing & Global PhaaS Campaigns: OTX Credential Theft Analysis

Pink actor vishing, global smishing operations, and gaming credential theft target finance, telco, and education sectors.

Jul 4, 2026
Read →
Telegram Intel

PLAY Ransomware Gang: Construction & Finance Sector Surge — Firewall & Remote Access Exploitation

PLAY targets AU/US Construction & Finance firms via ScreenConnect & Firewall flaws. Immediate patching of CVE-2024-1708 required.

Jul 4, 2026
Read →
Telegram Intel

Argamal RAT & Smishing-as-a-Service: Multi-Vector Credential Theft Campaigns — OTX Pulse Analysis

RAT via game mods & smishing ops targeting credentials across gaming, telecom, finance. High urgency: immediate blocking required.

Jul 4, 2026
Read →
Telegram Intel

WALLSTREET Gang: Critical Infrastructure Sweep via Firewall & RMM Exploits

WALLSTREET claims 4 new US/EC victims. Healthcare and Police hit via Check Point & Cisco CVEs.

Jul 4, 2026
Read →
Telegram Intel

BRAINCIPHER Ransomware: 4 New Victims Posted — Cross-Sector Surge & Detection Engineering

BRAINCIPHER claims 4 new US/BR victims. Actively exploiting Check Point & ScreenConnect flaws. Immediate detection guidance included.

Jul 4, 2026
Read →
Telegram Intel

WORLDLEAKS Ransomware: Global Business Services Surge — CISA KEV Exploitation & Detection Engineering

WORLDLEAKS posts 4 new victims across PK, BR, US, IT leveraging CVE-2024-1708 and Check Point vulnerabilities. Critical detection rules included.

Jul 4, 2026
Read →
Telegram Intel

BoryptGrab Stealer & Gafgyt C0XMO Botnet: OTX Pulse Analysis

Active campaigns deploying BoryptGrab stealer via GitHub impersonation and Gafgyt C0XMO botnet via router exploits. Credential theft focus.

Jul 3, 2026
Read →
Telegram Intel

APT73 Ransomware Gang: Global Surge Exploiting Check Point & ScreenConnect Vulnerabilities

APT73 targets Technology & Hospitality sectors across 4 nations. Active exploitation of CVE-2024-1708 & Check Point flaws confirmed.

Jul 3, 2026
Read →
Telegram Intel

SessionGate, RemusStealer, PCPJack & APT37 Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack

OTX detects large-scale open-source impersonation, cloud SMTP relays, and APT37 supply chain attacks targeting Yanbian.

Jul 3, 2026
Read →
Telegram Intel

SessionGate & BoryptGrab: TDS-Driven Infostealer Ecosystem OTX Analysis

Active campaigns using Traffic Distribution Systems (TDS) and GitHub impersonation to deploy SessionGate, RemusStealer, and BoryptGrab. Urgency: High.

Jul 3, 2026
Read →
Telegram Intel

MEDUSALOCKER Intelligence Briefing: Surge in DACH Region Targets Telecom & Public Sector — Critical CVEs Exploited

MedusaLocker posts 10 new victims, heavily targeting Germany. Active exploitation of Check Point & ConnectWise CVEs observed.

Jul 3, 2026
Read →
Telegram Intel

TA4922 Global Expansion, Avalon Framework, and Malicious VPN Extensions: OTX Pulse Analysis — Credential Theft & Ransomware

OTX Pulse: TA4922, Avalon, and malicious VPNs drive a surge in credential theft and ransomware. Critical detection guidance inside.

Jul 3, 2026
Read →
Telegram Intel

KRYBIT Ransomware Gang: 11 New Victims Posted — Perimeter Breach Analysis & Detection Rules

KRYBIT posts 11 new victims targeting Tech and Logistics. Immediate patching for Check Point, Cisco, and ScreenConnect CVEs is critical.

Jul 3, 2026
Read →
Telegram Intel

RedLine, TONResolver & Blacksite: Global Credential Theft Surge — OTX Pulse Analysis

Multi-vector credential theft targeting maritime/hotel sectors via RedLine, TONResolver, and Blacksite AiTM kits. High urgency.

Jul 3, 2026
Read →
Telegram Intel

INCRANSOM Gang: Aggressive Public Sector & Healthcare Targeting — Critical CVE Exploitation

INCRANSOM escalates attacks on US/BR Public Sector and Healthcare using Check Point & ScreenConnect exploits. Patch immediately.

Jul 3, 2026
Read →
Telegram Intel

Bumblebee Loader, The Gentlemen RaaS, and Ousaban: Multi-Vector OTX Pulse Analysis

Active campaigns delivering Akira via SEO poisoning, The Gentlemen RaaS exploiting VPNs, and Ousaban targeting Iberian banks.

Jul 2, 2026
Read →
Telegram Intel

Akira Ransomware & Infostealer Swarm: OTX Pulse Analysis — Bumblebee, RedLine, and RMM Exploits

Active campaigns deploying Akira ransomware and stealers (RedLine, Ousaban) via SEO poisoning, RMM exploits, and AI framework vulnerabilities.

Jul 2, 2026
Read →
Telegram Intel

THEGENTLEMEN Ransomware: France-Targeted Surge, Critical Infrastructure Hits & Exploit-Led Intrusions

THEGENTLEMEN gang exploits Check Point & ScreenConnect flaws, heavily targeting French logistics/healthcare. Actionable IOCs & detection rules inside.

Jul 2, 2026
Read →
Telegram Intel

Bumblebee Loader, The Gentlemen RaaS, and Ousaban: OTX Pulse Analysis — SEO Poisoning and Geofenced Banking Trojans

High-threat activity: SEO poisoning delivers Akira via Bumblebee; The Gentlemen RaaS exploits VPNs; Ousaban targets Iberia with geofenced phishing.

Jul 2, 2026
Read →
Telegram Intel

Bumblebee Loader, RedLine Stealer, and RMM Exploitation: OTX Pulse Analysis — Credential Theft & Ransomware Campaigns

Active campaigns leveraging SEO poisoning and RMM exploits to deliver Bumblebee, RedLine, and Djinn stealers, facilitating credential theft and Akira ransomware.

Jul 2, 2026
Read →
Telegram Intel

THEGENTLEMEN Ransomware Gang: Global Campaign Intensifies — Sector Targeting Analysis & Detection Rules

THEGENTLEMEN ransomware group posts 15 new victims across multiple sectors with focus on France, US, and Taiwan. Immediate action required for exposed Check Point and Cisco systems.

Jul 2, 2026
Read →
Telegram Intel

RustDuck Botnet, AsyncRAT Sideloading & Gamaredon GammaWorm: OTX Pulse Analysis — Enterprise Detection Pack

Critical surge in threats: RustDuck IoT DDoS botnet, AsyncRAT via typosquatting, and Gamaredon espionage targeting Ukraine.

Jul 2, 2026
Read →
Telegram Intel

Bumblebee/Akira RaaS, The Gentlemen Backdoors, and Ousaban Banking Trojan: OTX Pulse Analysis — Enterprise Detection Pack

Severe RaaS and banking trojan campaigns detected via SEO poisoning and phishing. Urgency: High.

Jul 2, 2026
Read →
Telegram Intel

Credential Harvesting & Ransomware Delivery: Bumblebee, RedLine, and Ousaban Campaigns — OTX Pulse Analysis

Credential theft and ransomware delivery via SEO poisoning, RMM exploits, and maritime phishing targeting finance and tech. Urgency: High.

Jul 2, 2026
Read →
Telegram Intel

THEGENTLEMEN Ransomware: Critical Infrastructure Surge & Exploitation of Network Perimeter

THEGENTLEMEN exploits Check Point & Cisco FMC flaws to hit 15 victims across Energy & Public Sector. Detection rules inside.

Jul 2, 2026
Read →
Telegram Intel

Gamaredon APT, BTMOB Android RAT & Malicious VPN Extensions: OTX Pulse Analysis

FSB-linked Gamaredon targeting Ukraine, Android RAT surge in LatAm, and clipper malware distributed via trojanized VPN extensions.

Jul 1, 2026
Read →
Telegram Intel

Bumblebee Loader, The Gentlemen RaaS, and JINX-0164: OTX Pulse Analysis — Supply Chain & SEO Poisoning Wave

SEO poisoning, supply chain attacks, and RaaS identified via Bumblebee, Akira, and JINX-0164. Critical urgency for crypto and enterprise sectors.

Jul 1, 2026
Read →
Telegram Intel

JINX-0164 & GHOST STADIUM: Multi-Vector Credential Theft & Ransomware Delivery Chain — OTX Pulse Analysis

Active campaigns leveraging SEO poisoning, RMM exploits, and phishing to deploy Vidar, Lumma, and Bumblebee. High urgency.

Jul 1, 2026
Read →
Telegram Intel

THEGENTLEMEN Ransomware: 15+ Victims Posted — Analysis of Multi-Vector CVE Exploitation

THEGENTLEMEN aggressively targets logistics, healthcare, and public sectors across FR/US. Immediate patching for ScreenConnect, Check Point, and Cisco FMC required.

Jul 1, 2026
Read →
Telegram Intel

Bumblebee Loader & Akira Ransomware: SEO Poisoning and Supply Chain Attack Vector Analysis — Detection Engineering Pack

Active campaigns using Bumblebee, Djinn, and Lumma stealers via SEO poisoning and RMM exploits to deliver Akira ransomware. Urgency: High.

Jul 1, 2026
Read →
Telegram Intel

QILIN Ransomware: Global Surge Targets Manufacturing & Services — Critical Edge Device Exploitation Detected

QILIN posts 19 victims in 48 hours, targeting manufacturing and business services via Check Point and Cisco exploits.

Jul 1, 2026
Read →
Telegram Intel

OTX Pulse Analysis: GHOST STADIUM, JINX-0164, and Bumblebee — Credential Theft & Ransomware Operations

Active campaigns leveraging trojanized installers, event-based phishing, and LinkedIn scams to deploy Akira, Vidar, and custom macOS stealers.

Jul 1, 2026
Read →
Telegram Intel

QILIN Ransomware: 19 New Victims & Surge in Business Services Targeting — Detection Rules for CVE Exploitation

QILIN attacks surge with 19 new victims targeting Business Services. Detection rules for Check Point & ScreenConnect exploits provided.

Jul 1, 2026
Read →
Telegram Intel

Multi-Vector RaaS and Supply Chain Attacks: Bumblebee, The Gentlemen, and JINX-0164 OTX Pulse Analysis

Urgent detection guidance for SEO poisoning, RaaS expansion via SharkLoader, and crypto supply chain attacks targeting dev infrastructure.

Jun 30, 2026
Read →

Showing 50 of 749 reports. Archive expands automatically as new intel is generated.

Free Detection Rules Included

Every Telegram IntelReport Includes SIGMA & KQL Detection Rules

Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.