Telegram Intel Intelligence
Live threat intelligence collected from criminal Telegram channels — real-time threat actor communications, malware distribution campaigns, and first-look intelligence before it hits mainstream reporting.
Telegram Intel — Archive & Latest
Storm-3075 AI Phishing & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
High urgency: Storm-3075 AI phishing, UAT-8616 Cisco SD-WAN exploitation, and SilabRAT MaaS detected. Actionable IOC pack.
Vidar, Lumma, and SilabRAT: Multi-Vector Credential Theft Campaigns via AI Lures & Supply Chains
OTX Pulse: Vidar/Lumma stealers spreading via AI lures & TikTok; SilabRAT MaaS targeting crypto; Cisco SD-WAN exploits active. (High Urgency)
QILIN Ransomware: Surge in Business Services Attacks & Exploitation of New Check Point CVE
Qilin posts 19 new victims, heavily targeting US Business Services. Immediate patching of Check Point and ScreenConnect CVEs required.
Operation AI Bait & Crypto MaaS: Vidar, SilabRAT, and Needle Campaign Analysis — OTX Pulse Intelligence
Active infostealer campaigns leveraging AI hype, TikTok, and PyPI to distribute Vidar, SilabRAT, and Needle. High urgency for credential defense.
QILIN Ransomware Gang: 19 New Victims Posted — Sector Targeting Analysis & Detection Rules
QILIN intensifies attacks on Business Services sector across US and Europe. Detection rules provided.
The Gentlemen RaaS & AI Supply Chain Poisoning: SystemBC, AMOS Stealer, and CVE-2024-55591 Exploitation
Active RaaS operation Storm-2697 exploits CVE-2024-55591 while threat actors poison AI supply chains with AMOS Stealer. Urgent patching required.
Storm-3075 AI-Themed Social Engineering & 4BID ProxyShell Exploitation: OTX Pulse Intelligence — Enterprise Detection Pack
Storm-3075 & 4BID campaigns: AI phishing & ProxyShell attacks. Urgent: Hunt for Vidar, SilabRAT, Sliver, Lumma Stealer IOCs across enterprise.
Vidar, SilabRAT & Needle C2: Multi-Vector Credential Theft Campaigns Targeting Devs and End Users
Active infostealer campaigns (Vidar, SilabRAT) using AI phishing, TikTok tutorials, and malicious PyPI packages. Urgency: High.
QILIN Ransomware: 19 New Victims Posted — Surge in Professional Services & Detection Engineering
Qilin claims 19 new victims, heavily targeting Business Services & Legal sectors via VPN/RDP exploits. Patch ScreenConnect & Check Point immediately.
The Gentlemen RaaS (Storm-2697) & AI Supply Chain (AMOS Stealer): OTX Pulse Analysis
Alert: The Gentlemen ransomware exploiting CVE-2024-55591 and AI supply chain trojans dropping AMOS stealer. High urgency.
SilabRAT MaaS & Storm-3075 AI Phishing: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal Storm-3075 AI phishing, SilabRAT MaaS, and 4BID hacktivism. Detect stealers, RATs, and ProxyShell exploits.
Storm-3075, SilabRAT, and AI-Themed Infostealers: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns using AI phishing, TikTok tutorials, and PyPI supply chain attacks deploy Vidar, SilabRAT, and RustyStealer to steal credentials.
QILIN Ransomware Gang: 19 New Victims Posted — Critical Firewall & RaaS Activity Surge
QILIN claims 19 new victims, heavily targeting US Business Services. Immediate action required on Check Point & Cisco CVEs and RDP hardening.
Storm-3075 AI Phishing, SilabRAT MaaS, and 4BID ProxyShell Campaigns: OTX Pulse Analysis
Analysis of AI-themed credential theft, SilabRAT MaaS operations, and 4BID ProxyShell attacks targeting critical sectors.
AI-Themed Phishing, MaaS Crypto-Stealers, and PyPI Worms: OTX Pulse Analysis — Enterprise Detection Pack
Surge in infostealers (Vidar, SilabRAT) via AI-branded lures and supply chain attacks targeting finance and tech sectors.
QILIN Ransomware Gang: Surge in Attacks on US Business Services & Critical Infrastructure Vulnerabilities
QILIN posts 21 victims, heavily targeting US Business Services via Check Point and ScreenConnect exploits. Immediate patching required.
Storm-3075 AI Phishing, SilabRAT MaaS & 4BID ProxyShell: OTX Pulse Analysis — Enterprise Detection Pack
Storm-3075 uses AI themes for Vidar/Lumma infections; SilabRAT MaaS targets crypto; 4BID exploits ProxyShell for Sliver C2 deployment.
Storm-3075 AI Hype & SilabRAT MaaS: Multi-Vector Infostealer Surge & PyPI Supply Chain Compromise
Critical surge in infostealer campaigns (Vidar, Lumma, SilabRAT) leveraging AI hype, TikTok tutorials, and PyPI supply chains for credential theft.
QILIN Ransomware: Aggressive Campaign Targeting US Professional Services — Critical CVEs & IOCs
Qilin gang heavily targeting US Business Services and Retail. Patch Check Point and ScreenConnect CVEs immediately.
Storm-3075 AI Impersonation & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
Threat actors leverage AI-themed lures for Vidar/Lumma deployment while new SilabRAT MaaS targets crypto wallets. 4BID exploits ProxyShell.
Storm-3075, SilabRAT, and Needle: Multi-Vector Infostealer Campaigns Leveraging AI Hype and Supply Chains
OTX Pulse Analysis: Credential theft surge via AI scams, TikTok tutorials, and crypto-stealers. Block Vidar, SilabRAT, and Needle IOCs immediately.
QILIN Ransomware: 15 New Victims in Professional Services & Retail — KEV Exploitation Alert
Qilin claims 15+ US victims in Business & Consumer services. Immediate patching of ConnectWise and Check Point CVEs is critical.
SilabRAT MaaS, AI Brand Impersonation, and PyPI Supply Chain Attacks: Credential Theft Campaigns — OTX Pulse Analysis
Active Infostealer & C2 campaigns (SilabRAT, Vidar, Needle) use AI phishing, malicious PyPI wheels, and social media to steal crypto & credentials.
QILIN Ransomware: 15+ Victims in 48 Hours — Check Point & ConnectWise Exploitation Surge
Qilin gang posts 15+ new victims targeting US Consumer/Business sectors. Immediate patching for Check Point CVE-2026-50751 required.
AI-Hype Stealers & SilabRAT MaaS: OTX Pulse Analysis — Enterprise Detection Pack
Storm-3075 and o1oo1 exploiting AI trends with Vidar, Lumma, and SilabRAT. High urgency credential theft campaign.
AI-Themed Infostealers & Supply Chain Attacks: Storm-3075, SilabRAT, and PyPI Worms — Detection Engineering
Active campaigns using AI lures (Vidar/Lumma) and malicious PyPI packages (Hades) targeting credentials and crypto. Immediate action required.
QILIN Ransomware: Legal Sector Under Siege — 15 Victims Posted & Critical Check Point CVE Exploited
Qilin posts 15 new victims targeting US legal and energy sectors. Actively exploiting Check Point VPN and ScreenConnect vulnerabilities.
SilabRAT MaaS & AI-Themed Infostealer Operations: Storm-3075 & o1oo1 Analysis
Emerging campaigns using AI-branded lures and SilabRAT to steal credentials/crypto. High urgency for Finance & Tech sectors.
Lumma Stealer, Vidar, and SilabRAT Credential Harvesting Campaigns: OTX Pulse Analysis & Detection Engineering
OTX Pulses reveal active credential theft campaigns via AI social engineering, malicious PyPI packages, and MaaS platforms targeting finance & tech.
QILIN Ransomware: Critical Check Point & Cisco Firewall Exploits Fueling Healthcare & Manufacturing Surge
QILIN gang exploits CVE-2026-50751, targeting US Healthcare & Manufacturing. Detection rules and IOCs included.
OTX Pulse Analysis: 4BID Hacktivist Operations & PAN-OS Zero-Day Exploitation (CL-STA-1132)
4BID group leverages ProxyShell/Sliver to target Gov/Healthcare; CL-STA-1132 exploits PAN-OS zero-day; GriefLure hits Vietnam/Philippines.
AI-Themed Infostealer Surge: Storm-3075, TroyDen, and SilabRAT Campaign Analysis — Detection & Hunt Pack
Urgent: AI-themed campaigns deploying Lumma, Vidar, and SilabRAT. Storm-3075 and TroyDen targeting tech/finance. Includes detection rules.
Storm-3075 & SilabRAT: AI Lures & Supply Chain Worms — OTX Pulse Detection Pack
Storm-3075 and SilabRAT MaaS campaigns target finance/tech via AI lures and malicious packages, deploying Vidar, Lumma, and RustyStealer.
THEGENTLEMEN Ransomware: Global Surge Exploiting Check Point & Cisco Perimeter Flaws
THEGENTLEMEN claims 15+ global victims, heavily targeting Healthcare and Tech via CVE-2026-50751 and ScreenConnect exploits.
AI-Themed Infostealers & 4BID ProxyShell Campaigns: Storm-3075, TroyDen, and 4BID OTX Analysis
Threat actors Storm-3075 and TroyDen leverage AI branding for Lumma/Vidar distribution; 4BID expands hacktivism via ProxyShell.
Infostealer Ecosystem & Supply Chain Compromise: Storm-3075, TroyDen, and Hades Worms
Active credential theft campaigns leveraging AI lures, malicious PyPI/npm packages, and game trojanizers. Urgent detection required.
THEGENTLEMEN Ransomware: Critical Surge in Healthcare & Tech Targets — CVE-2026-50751 Exploitation Analysis
THEGENTLEMEN posted 15+ victims in 24h. Active exploitation of CVE-2026-50751 (Check Point) and ScreenConnect detected. Patching and detection rules required.
ClickFix RATs & CL-STA-1132 PAN-OS Exploitation: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns targeting macOS/Windows with ClickFix (CastleLoader/AMOS) and critical PAN-OS zero-day exploitation by CL-STA-1132.
Storm-3075 AI Brand Impersonation & 4BID ProxyShell Attacks: OTX Pulse Intelligence Briefing
Storm-3075 abuses AI hype to spread Vidar/Lumma; 4BID exploits ProxyShell; TroyDen targets devs via GitHub. Detection engineering included.
Lumma Stealer, Vidar & Supply Chain Worms: OTX Pulse Analysis — Multi-Vector Credential Theft Campaigns
Storm-3075 & supply chain actors exploit AI hype & dev tools for infostealer deployment. Urgent blocking and credential hygiene required.
THEGENTLEMEN Ransomware Gang: 24 New Victims Posted — Sector Targeting Analysis & Detection Rules
THEGENTLEMEN ransomware group posts 15 victims in 24 hours, heavily targeting healthcare and technology sectors. Detection rules and mitigation included.
ClickFix Campaigns & PAN-OS Exploitation: OTX Pulse Analysis — CastleLoader, macOS Infostealers, and EarthWorm
Active ClickFix campaigns delivering CastleLoader/macOS infostealers plus CL-STA-1132 exploiting PAN-OS zero-days for tunneling.
Storm-3075 AI Hype, TroyDen GitHub Lures & 4BID ProxyShell: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal Storm-3075 using AI brands for infostealing, TroyDen targeting devs, and 4BID exploiting ProxyShell. Immediate block recommended.
Multi-Vector Credential Theft Campaigns: Lumma, Vidar, and Supply Chain Attacks — Enterprise Detection Pack
Multiple campaigns using AI-themed lures, supply chain attacks, and credential theft targeting enterprise sectors.
THEGENTLEMEN Ransomware: Global Healthcare & Tech Surge — Critical Exploit Analysis
THEGENTLEMEN claims 15 new victims targeting Healthcare and Technology sectors globally. Action required for CVE-2024-1708 and Exchange exploits.
TroyDen AI Lures & Argamal RAT: OTX Analysis of Credential Theft Campaigns
Active infostealer surge detected: TroyDen's AI-generated GitHub lures, Argamal COM hijacking, and GriefLure APT targeting. Critical attention required.
THEGENTLEMEN Ransomware: 15 New Victims Posted — Surge in Healthcare & Tech Targeting via Cisco & ConnectWise
THEGENTLEMEN posted 15 victims on June 8, heavily targeting Healthcare and Tech. Immediate patching of Cisco FMC and ConnectWise CVEs is critical.
Remus Stealer, Gamaredon GammaSteel, and macOS ClickFix Campaigns: OTX Pulse Analysis — Enterprise Detection Pack
Active detection guidance for Remus/Lumma evolution, macOS ClickFix infostealers, and Gamaredon's GammaSteel targeting Ukraine.
TroyDen Lure Factory & ClickFix RAT: OTX Pulse Analysis — Enterprise Detection Pack
AI-generated GitHub lures and job platform phishing delivering LuaJIT stealers & Python RATs. Immediate blocking required.
TroyDen Lure Factory & Argamal RAT: OTX Pulse Analysis — Infostealer & Credential Theft Detection Pack
OTX pulses reveal large-scale infostealer and RAT campaigns targeting devs, gamers, and telcos using AI lures and COM hijacking.
Showing 50 of 541 reports. Archive expands automatically as new intel is generated.
Every Telegram Intel Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.