The Detection & Response Chronicles: Exploring Telegram Abuse
ID: e3795d34-d803-50bc-a088-f58caf512d1d
STIX ID: report--e3795d34-d803-50bc-a088-f58caf512d1d
Feed Name: NVISO Labs
This NVISO report documents active abuse of Telegram by multiple malware families — including DeerStealer, Raven Stealer, Lumma, Lunar Spider and a trojanized XWorm builder — for victim monitoring, command-and-control, and data exfiltration via the Telegram Bot API and channels; it includes campaign details, numerous IOCs (domains and hashes), and KQL hunting queries for detection and mitigation.
