Telegram Threat Intelligence Bot

Malware researchers fight an unwinnable war. An endless stream of new malware is created every day, and the analysis of each new piece is a manual and labor-intensive task. Therefore, groups of malware researchers have formed on instant-messaging platforms such as Telegram. One example of these is the Malware Research group. These groups help each other out and allow for quick sharing of relevant information. One problem that occurs in such groups is that the same links get shared repeatedly or links get lost in the sheer mass of messages.

This is where the Telegram Threat Intelligence Bot comes to the rescue. It allows users to submit links together with tags. Using these tags, one can find all related shared articles, such as all ransomware articles. Moreover, one can subscribe to specific tags in order to stay up to date on certain topics like cryptominers. Below you can find the documentation of the Threat Intelligence Bot:

Tags

Tags are keywords which genuinely describe your article. For example, an article which dissects the unpacking routine of Emotet could be tagged as {emotet,unpacking}.

Searching for Tags

To search for links with specific tags, send /query {tags,you are,interested in} to the Threat Intelligence Bot. The bot will answer with all links which were tagged with all tags included in your query. Assume the bot's link database looks like this:

Link                                        Tags
https://example.com/Android-malware.html    android, mobile, malware
https://example.com/cryptominer.html        malware, cryptominer

A query which should find all android malware articles would look like this: /query {android,malware}. In the above example, the query would only return the first row, but not the second, since the second row contains no android tag.

Submitting an Article

To submit an article to the bot, send /submit short description of article {tags, describing, report} https://link.to.report to the Threat Intelligence Bot. The short description should provide a good summary of the article so users can decide whether to click on the shared link or not. The tags allow your link to be found by interested users. Finally, provide the link to the article you would like to submit.

Subscribing to Tags

If you are interested in a specific topic, let's say Emotet's spam campaign, then you could subscribe to all submitted articles containing the emotet as well as the spam tag like this: /subscribe {emotet, spam}. Once a new article containing these two tags is submitted to the bot, the Threat Intelligence Bot will automatically contact you and send you the new article. Of course, you can subscribe to several combinations of tags at the same time. To this end, just send additional subscribe messages to the Threat Intelligence Bot. Note that you can only subscribe to tags when sending them as private messages to the bot. This prevents users from abusing the bot to spam groups.
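The matching rule behind /query and /subscribe described above (a link matches only when it carries every requested tag) can be sketched as follows. This is an added example, not the bot's own code; the class and function names, the lowercasing of tags, the http(s)-only link check and the rejection of empty tag sets are assumptions made for illustration.

```python
import re

# Assumed grammar, derived from the command syntax documented above.
TAGSET_RE = re.compile(r"^/(?:query|subscribe)\s*\{([^{}]*)\}\s*$")
SUBMIT_RE = re.compile(r"^/submit\s+(.+?)\s*\{([^{}]*)\}\s*(https?://\S+)\s*$")

def parse_tags(raw):
    """Turn 'Emotet, spam' into frozenset({'emotet', 'spam'}); reject empty sets."""
    tags = frozenset(t.strip().lower() for t in raw.split(",") if t.strip())
    if not tags:
        # An empty set is a subset of every tag set and would match everything.
        raise ValueError("at least one tag is required")
    return tags

class TagIndex:
    def __init__(self):
        self.links = []          # (link, description, tags) per submission
        self.subscriptions = {}  # user id -> set of subscribed tag combinations

    def _tagset(self, message):
        m = TAGSET_RE.match(message)
        if not m:
            raise ValueError("expected /query {tags} or /subscribe {tags}")
        return parse_tags(m.group(1))

    def query(self, message):
        wanted = self._tagset(message)
        # AND semantics: a link matches only if it carries every queried tag.
        return [link for link, _, tags in self.links if wanted <= tags]

    def subscribe(self, user, message):
        self.subscriptions.setdefault(user, set()).add(self._tagset(message))

    def submit(self, message):
        """Store the link and return the users whose subscriptions it satisfies."""
        m = SUBMIT_RE.match(message)
        if not m:
            raise ValueError("expected /submit description {tags} link")
        tags = parse_tags(m.group(2))
        self.links.append((m.group(3), m.group(1), tags))
        return sorted(u for u, cs in self.subscriptions.items() if any(c <= tags for c in cs))

def demo():
    idx = TagIndex()  # constructed sample data mirroring the table above
    idx.submit("/submit Android sample {android, mobile, malware} https://example.com/Android-malware.html")
    idx.submit("/submit Miner notes {malware, cryptominer} https://example.com/cryptominer.html")
    idx.subscribe(1001, "/subscribe {emotet, spam}")
    notified = idx.submit("/submit Spam wave {Emotet, spam, maldoc} https://example.com/emotet-spam.html")
    return idx.query("/query {android,malware}"), notified
```

Calling demo() returns the single android malware link from the table and the one subscriber (the constructed user id 1001) whose {emotet, spam} combination is fully contained in the new submission's tags.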

Listing all Subscriptions

To see all the tag combinations you are subscribed to, simply send /listsubscriptions to the bot.

Unsubscribing from specific Tags

If you feel like you get spammed by too many messages containing your subscribed tags or are no longer interested in those tags, you can simply unsubscribe from specific tags using: /unsubscribetag {tag, combination you are no longer interested in}

Unsubscribing from all Tags

If you feel like you get spammed by too many messages containing your subscribed tags or are no longer interested in those tags, you can simply unsubscribe from all tags at once using: /unsubscribe

Help

Forgot the syntax of these commands? Just send /help and the bot will answer with a short description of all commands including their syntax.