Framework for Monitoring Malicious Channels in Phishing Campaigns: A Cyber Threat Intelligence Perspective
DOI: https://doi.org/10.53375/ijecer.2025.451

Keywords: Cyber Threat Intelligence, Phishing Campaigns, Malicious Channel Monitoring, Telegram, Indicators of Compromise, Telegram Monitoring, Malicious Code Analysis

Abstract
Phishing campaigns are becoming more sophisticated, using encrypted communication platforms like Telegram to coordinate their activities and store stolen information. This paper introduces a structured and scalable framework that supports cyber threat intelligence (CTI) efforts in monitoring malicious Telegram channels linked to phishing activity. The framework is based on a combination of machine learning and human expertise, and it leverages a large dataset of Telegram messages and their corresponding labels to train and evaluate the performance of the model. The methodology involves four interconnected stages: extracting hidden artifacts from phishing code, gaining unauthorized access to private Telegram groups, analyzing collected data automatically, and implementing counterintelligence measures to prevent detection. Initial findings validate the framework's ability to detect indicators of compromise (IoCs) and visualize the attacker's infrastructure. Additional functionalities like integration with threat intelligence platforms and artificial intelligence-based data enrichment enhance the framework's versatility and usefulness. This method improves proactive communication monitoring, providing a secure and flexible solution for tracking adversarial communication channels.
License
Copyright (c) 2025 Ivo Ricardo Dias Rosa

This work is licensed under a Creative Commons Attribution 4.0 International License.




