Created
November 3, 2025 16:44
October Malspam Campaigns
| Date,Details,Email Payload Type,Users Targeted | |
| 10/5/2025,RFQ 6000187979 from 3060; z -> xloader,Attachment,22 | |
| 10/7/2025,Re: Purchase order Items- Quotation request; zip -> redline,Attachment,2 | |
| 10/7/2025,MV TBN CALL PORT FOR LOADING COAL; rar -> phantomstealer,Attachment,2 | |
| 10/8/2025,RFQ - VRF/BT/2025/ENG/037; z -> vipkeylogger,Attachment,4 | |
| 10/9/2025,FOLLOW UP ON REVISED CONTRACT PROPOSAL;pdf -> link -> screenconnect,Attachment,2 | |
| 10/10/2025,Attachment name is swift copy for USD 67,825.00.zip; zip -> vipkeylogger,Attachment,2 | |
| 10/12/2025,RFQ-SPE-2025010-WA001310; tar -> remcos,Attachment,2 | |
| 10/13/2025,RE: KABRU 25006 14 X 20 DV; xlam -> darkcloud,Attachment,3 | |
| 10/13/2025,RE: Purchase Order - HOM-OS-20-25-813; r15 -> vipkeylogger continued to 10/14,Attachment,6 | |
| 10/13/2025,purchase reference _101220255; rar -> darkcloud,Attachment,2 | |
| 10/14/2025,Det Invoice // NGEC50388400; xlam -> darkcloud,Attachment,3 | |
| 10/19/2025,Quotation against Re: rfq-Oct-19; z -> xworm,Attachment,2 | |
| 10/20/2025,OUR REF: RET-402-1438; tar -> cmd -> xworm,Attachment,2 | |
| 10/21/2025,Attachment name is 81063733091.img; img -> purelogstealer,Attachment,3 | |
| 10/23/2025,Enquiry No: DPOC/MR/OPER/25/006; z -> xworm,Attachment,2 | |
| 10/27/2025,RE: Request SOA for September 2025; xlam -> darkcloud,Attachment,3 | |
| 10/28/2025,Inquiry on pricing and delivery schedule; rar -> vipkeylogger,Attachment,2 | |
| 10/30/2025,Re: Payment Advice MT103; z -> xworm,Attachment,2 | |
| darkcloud, 08e73d9777f29184876b7f6cf05f6b69c2eb45a6f092b3e50d706d29f3281c01, fiber23-R.iaasdns.com, | |
| darkcloud, 1603cd4fa0888d09a44a0e46087f4aeae9d42e68d0adbd5fdf2a60eb0343a553, mail.incidental.com.tr, | |
| darkcloud, 1e77489c920a17e0290d04e8471c20a2e3437b89bd90b6c1874f95ffe919bf2a, https://api.telegram.org/bot8401278689, | |
| darkcloud, 22d3d18fa3270b3fb4e70ad7109ac0aba259ca3c5d07542a3fdb9bafc1b88217, mail.octopus-uae.com, | |
| darkcloud, 6676a335ff17a780fd508c01f7202bfcaaaf167ccf75c64ac19277883ba00956, https://api.telegram.org/bot8100463327, | |
| darkcloud, 689b86b0fad706fb4f8423bc737b154c66f86cc00dcefdb2e9cf0f5783814c7c, https://api.telegram.org/bot8100463327, | |
| darkcloud, 6bbc953eb5d0d660c75ddc2659d68fc2966e498e4baa2e9c6762527f71f383f7, mail.octopus-uae.com, | |
| darkcloud, 752a406c3e6f56db0ca474d9ccd7b55b61ee5df6ab8d783092ea5df285a95153, mail.incidental.com.tr, | |
| darkcloud, 83cd275cb1b0c6d65b6d79487915fd86d78083782b585e01610e433fc25b73e5, fiber23-R.iaasdns.com, | |
| darkcloud, 84e858b5ba08923e9efa2506aa14baa45d6d2999f0fa0c69740a2a4c30cce67a, mail.ounelec.com, | |
| darkcloud, 950e4f12425e3800eedbebb9421181a4e60fdfd697e5d2e513306b205dc0557e, https://api.telegram.org/bot7740411592, | |
| darkcloud, 9c796528940d292bcadfbf30c92c24c55b834efb4ad7326c738280d10fc1137f, mail.octopus-uae.com, | |
| darkcloud, a83120ce8dea78816c294e86302d18cb962fec55f3cdb068f9ee56069856bb63, mail.incidental.com.tr, | |
| darkcloud, c7d8e756ffc76fd688a418364004171305a080b8d77f4dec4cdb8b891b2a1848, fiber23-R.iaasdns.com, | |
| darkcloud, dbb7425f1b37b75f8e8dac238ae84cd6c7d3dda28f370fed9c1a17da51d2f38e, mail.incidental.com.tr, | |
| darkcloud, ef99ea97c4c73ddaecd5e1dd916c4ad2be4ad57313df192e245d992f6b6f363d, mail.octopus-uae.com, | |
| darkcloud, f5258640cfc9d241ecee954610e417cd8f07aedd020cc39d1c23e03fbf87379a, mail.incidental.com.tr, | |
| darkcloud-m0yv, d5ffca1430a7af94f3bbc02893f7494b0a2b3d3cdb90c013f1946f14a26556d7, mail.octopus-uae.com, | |
| darktortilla-xworm, 4206c4ded33b3137cb67d2013deb8c6d78b4a55fd16d9930904ad548d8802c19, petro4prime.ydns.eu:5909, | |
| darktortilla-xworm, 8f526c18a2151d5d43f9d3569696519bfb76a900fa8b7ff4e4f0100051730c8d, petro4prime.ydns.eu:5909, | |
| darktortilla-xworm, d88fe34d1717339c4c27377b31b7a313867daefa50d05e54f0e35efb4a371062, petro4prime.ydns.eu:5909, | |
| darktortilla-xworm, ddc72caa3151b8ed4d54dae76f078dbe0c3d3de110ec9bee16c29c7f76b2720b, petro4prime.ydns.eu:5909, | |
| darktortilla-xworm, f4862dbce922841b392d640cc9469fa48b53509cdd81ca783d851a7537b6478d, petro4prime.ydns.eu:5909, | |
| guloader-remcos, 9249a7ad840b82ede2f2816a3b91d7d00196b90f2d10307208c7b6d784582861, 161.248.178.253:2404, | |
| lokibot, 8de658d191147b9e37ef7850ddffd5b36726c81002fe8144d8c89d5e79c9f790, https://electrico.co.zw/putty/five/five/fre.php, | |
| originlogger, 3cc8ebdc770eed05864ce67f642df1d35a59005ee108fbeba205cf8e9f27f514, ftp://ftp.fosna.net, | |
| phantomstealer, 0063075daa673a3ec1ae04708e8394c34afac95f193c8486c75d43d450d9d821, https://api.telegram.org/bot7998796008, | |
| phantomstealer, 79879634592305c6b0c9380d3aa194b520eb82836487e97c423b70aee55bdf41, mail.taikei-rmc-co.biz, | |
| phantomstealer, bff141638eb2f9aa97981ca1f7b56eecdd22f549af917c5d921749b5b75a7e54, fontsdelalgar.com, | |
| phantomstealer, c5160d4f3a4e88e17578457b74f6c64751787f7075fb96df9a4a5730c6def38c, mail.taikei-rmc-co.biz, | |
| purelogs, 8e85a8620ba8eda994b3e9d9326dd108afe0b45f781b0179d71a034e2f917bd1, 176.65.139.85, | |
| purelogs, 917c66bbf78fcf0911f63f303e99d7bb652814b6e0518057ea0cbf39e4783dda, 45.137.70.55:5888, | |
| purelogs, b94e73181f7dcadaa59fd258eaceb8de41f4161e8baf0fa76fed58d957e4fd36, 45.137.70.55, | |
| purelogsstealer, 054e3c0da63e2eed91ab3e0dc24350df990263e90095503f89bd3f79033d3052, 45.137.70.55, | |
| purelogsstealer, 6c0ddb4207c9f2e26e9a777dce19643f068c706d4f4b50a9d1ac381d63fd78eb, mail.taikei-rmc-co.biz, | |
| purelogsstealer, bc19c068f80c921461efa45e340b9afecc620222e3fb6fd505785f213fc2a5fd, 45.137.70.55, | |
| purelogsstealer, d0fdf8d7394d40debb1147cde780dd3ff5eded6f118e97d21d11f5bf6309a33c, 45.137.70.55, | |
| purelogsstealer, d13314a6e98f6d2892cdb78c59bd1c0f49b62b3ad5d2460d7a2237510c706267, 45.137.70.55, | |
| purelogsstealer, d60d944168dc37e539abc2c2a0ec0b301bc076d24373d50bc31aaf8c6c3a8967, 45.137.70.55, | |
| purelogstealer, 1cf8c2f73cec9bfeb92ffb53c434b8e24a98de98be8b6cf5acda00a34b79b7fb, chukwunweikefrankokiteamaekeibeku.ydns.eu, | |
| purelogstealer, 430ccfae4a3402f6e00d2f827c8ee0607733808c09bba87f0c885d9173ed665d, chukwunweikefrankokiteamaekeibeku.ydns.eu, | |
| purelogstealer, 4b29564a5235875f5ec10225192b96ef4974287f1fcb5c69bacd516ff15cb315, 45.137.70.55, | |
| purelogstealer, b93192b624857c67e5febbb9ed28908024257e677cea4a328c12904c2deeb57d, 45.137.70.55:4888, | |
| purelogstealer, db852ad84f1f1fbb5a65d6655e56a44c4d21ef4d0e002b551e418d229747e530, 109.248.151.175, | |
| redline, 578b07364d330f57c234cc86673661c830c9fd5144eb3bed4a8acd7e8823b67e, xred.mooo.com, | |
| redline, bc889fdebcbe896465f61bd37004bf964537562ef89df507b817d92796597391, 38.255.43.72:53666, | |
| remcos, 44b4e8fd5f88de4ef6a49b7d42e9b31c226f66346db7f73d3ad8aaf1074c7f12, chukwunweikefrankokiteamaekeibeku.ydns.eu, | |
| remcos, 6e13f5c8ca7758d00a49978541775a5c4c6f507b060c473482fbecb190fd0d9c, 196.251.92.69, | |
| remcos, 86f97af186cbeab31bbafb7f17ef61da4a6fe69d90a247fb84406c1c5f1e8c37, www.abiaclassprojectpage.com, | |
| remcos, 89c3239f7fc90a3d56d89948ba2aef3459b903af6fa1c503824456df13c3ebfc, chukwunweikefrankokiteamaekeibeku.ydns.eu, | |
| remcos, 8c559eb37c00fb47e505e162749b8ae9d7f8e235da0454d43b8b0841ac492639, 147.124.215.99, | |
| remcos, a245dc4e4ff5da951dfe9f37988d93300928a866c497b21d3de660d2b1b0f65c, chukwunweikefrankokiteamaekeibeku.ydns.eu, | |
| remcos, abd56fe04c36d4373ea9cc53efa0aec3bfd626a632c1079581163eaba26a0545, vestcast.co:2459, | |
| remcos, ade2283b9bf50c48d8da2aa2d782e4b152bc13b4fc1665f665a55518d426a42a, chukwunweikefrankokiteamaekeibeku.ydns.eu, | |
| remcos, b5d0552aa20ae4bec3f41829abfb9e3b797512bcc9cdb9e6454b63f6a6727cea, bv0n1d6w.duckdns.org:39402, | |
| remcos, d899a46671c4d07c396298300fa8bccb84afef9953785cfb6caacd95b059543b, 161.248.178.253:2404, | |
| remcos, f05c415b0a73acd8aa15d8c4ae0e9f12542c0bb32af1ab799383c9650fcf8b6c, 212.162.149.200:443, | |
| screenconnect, 2ca0dc3544cb47fe391f5203ab0325ed4584255914280ca2377d5aa3ae58c5eb, connectwise.fun:8041, | |
| snakekeylogger, 0443e508c14630fca81d33c7a33555a32cc35226ebd95d10e361a22fa3beed2a, https://api.telegram.org/bot7555712183, | |
| snakekeylogger, 428fa035710ddde4c3187146a526d8f9570ec5d6cd83e850cc067077605750ef, mail.focalipalet.com, | |
| snakekeylogger, bd56409ae9a40192097a1b4604f95dbe2ba3c4bf3c1c89bef031c4866300f1f6, https://api.telegram.org/bot8210218614, | |
| vipkeylogger, 0f67fe74fb4cf4338c01d4fef99efbc2d7fa49d5acd524e0dd7a7700c8c80af4, mail.reliableenggworks.com, | |
| vipkeylogger, 19a3283949271cf9f779d7d9377ad322e6fd1b06d169f9b041e09db28a7fed18, mail.brightaromatics.com, | |
| vipkeylogger, 39396ab96a8f83c225badbc07835d28f29e38fe06b9168e71be5a475176d66b2, mail.zbvind.com, | |
| vipkeylogger, 398547335160c91d14e3d07534e769d161efca44fa54015aba8b1540ec56a796, mail.reliableenggworks.com, | |
| vipkeylogger, 3d0dc5e78a43a3651e144c2eb3b05b1268580895b2458b2a8bee4779189d6203, https://api.telegram.org/bot7555712183, | |
| vipkeylogger, 4711d978b2be1a092da7ca5e3d8243ba1cb13407cdb9b483bbf9e893df54999c, https://api.telegram.org/bot6647968238, | |
| vipkeylogger, b7e6e7c2a0c73d197807699e8f4d90af52b600f6065d2fa80a03238dcbda7a6e, mail.brightaromatics.com, | |
| vipkeylogger, c9556f0dd8a84747a9eb4e92fd464bfdaccdec7d7adabdefd2e63751a7e6ba85, mail.focalipalet.com, | |
| vipkeylogger, dfac1b53768188c25ebed27409d136725f4babab59bc1e6fcafb391ec8ff4d1f, mail.brightaromatics.com, | |
| vipkeylogger, e04812a41b547180ad6a5d317c837285ffbcc947bcd2828bb0f7889a5605dd56, mail.foreignpolicy.org.tr, | |
| vipkeylogger, e5296213a3d3833fed7adb811b7301e623e0a89011e5adcebf9cc7d387fdbaea, mail.reliableenggworks.com, | |
| xloader, d374091cdaf72ea9673f8e9d63eebaefc9315a3511f0194dda15252ebb517c66, www.maxboxbrasil.shop, | |
| xloader, 06fde543ff6fd284c390329229bbb6ffae4de88fe0c6f4423c7ad5f975e0c2d1, 3lbmo.top/hi23, | |
| xloader, 07c8a86e797b6ff14abb1f093dd276809d5955b08e8c08d217aafcfe3c3046fc, www.atomicmanager.xyz, | |
| xloader, 0f5a1d94343f393dbe063e997238d20a5367f96465003bc181d8814bbcd7ba6c, www.byteplay.online/5nro, | |
| xloader, 0fc60cb67b732040e637de65e605c9a395c366b8823c9e92c363d20a7a1bd826, http://www.94qt15.top/rzsq, | |
| xloader, 20be309bf6b73157d6ffcacabfe2a4140c5270390836f2d06cc638fed98877fb, www.hez-energy.com, | |
| xloader, 385a6144e684a9508f25fbec58476588f915f4194fd5233612128aad5b849ef7, www.airdropsrag.xyz/xvwf, | |
| xloader, 40eb95d0ad64a1451d51d018778573335e94e4a28fc044c629795ef7f6caede8, www.coach-finders.net/xvwf, | |
| xloader, 4123bedccc18eee83aa4c7d8e1b64191ddde5fc234bd3c1cbd7f998571e47112, sy157.top/hi23, | |
| xloader, 44eb0ca230176e7653e8287dac64b16e4cfde7088635498e52d802d8a3dcb7e9, www.palmiye.today, | |
| xloader, 5281fe57e80525a3f72c2ff63b35538a4d183801eb9a32388180f763db4200e7, http://www.breoshop.sk/kpwp/, | |
| xloader, 53e3d40438281dbf5e1134d15416f086775173aa7cbdfaa7b85465bf8480cddc, www.yourcarrier.xyz/o3x3, | |
| xloader, 6500b4198a595f173e1009ec7f6fca35b2e62e175911726a1bf6fbb44b5897c2, www.89betv2.net, | |
| xloader, 65140ae2ddd1e19e3dcdd80ad3b6bd652e7388334e1bd1c526486a12b25df026, http://www.grasep.net/caor/, | |
| xloader, 6b99c4f6b8babd1543ea649610670d97754414f0ca42564205aa4b08ce8471b4, www.yourcarrier.xyz, | |
| xloader, 703af985b3787f140971cccc1cfe86ed8af40a9ba9e05ab0e7e2d67ac97a79b7, www.coach-finders.net/xvwf, | |
| xloader, 7adce544b62e952c35eda61e57a188834b85bade02d1112ac2e8cf910bcb5903, http://www.lending-swap.xyz/8af3/, | |
| xloader, 8e4c1adee2efbf66d385cf19a33b84e2ee23bd2f8e6d84d2223cb73173b2116a, www.delvoro.live/khn8, | |
| xloader, 90ea1c4f055151523a1960b3d36778489ecd187ffb79d843012eafefdeaa3285, 3lbmo.top/hi23, | |
| xloader, 9f553bbfad12d1079c4b0935c57410a0149b02bd6669d34431ab9fb1668da820, euenvioultimopasso.shop/hi23, | |
| xloader, 9f553bbfad12d1079c4b0935c57410a0149b02bd6669d34431ab9fb1668da820, sy157.top/hi23, | |
| xloader, a6fe2868beed6abd768621f4ace603c9a9b7f5b5ad1029344e953fbb81649506, www.yqyqyiqian.top, | |
| xloader, accb7129fbcd2d0cf1b27891978f428fc07f28a1a433cbae840195d5c0930d4a, www.3tuga.xyz/1bl4, | |
| xloader, af0479c951a33eabf8ffe589a8494781e8e071599a916da305bd1852b58f1a5c, www.3lbmo.top/hi23/, | |
| xloader, bf8d154fcc6c9e8000eb86b2f45a8eba9588baa407199db8aa36f9da83a99254, www.2026tech.xyz/5tw6, | |
| xloader, e80ff6956ffb3e3189596fe42c13b03efb70c023bb9db2f83db9d91ec04a157c, www.maxboxbrasil.shop, | |
| xloader, e8f58969694b57552d15189f2942b202b57f90d23ae9e068ae7db0e086ee31a8, ww.ratro.xyz, | |
| xloader, fb16330c871833981f73ada3203538f6549a62be87150af3ba00536029ccc63b, www.majubaji-apk.net, | |
| xloader, ffc80b59d812eb62c2a8534202477ac2d02cb5e1b6ee53939142e300e31cbb12, www.donlawsonat70.vip/3a29, | |
| xworm, 04ed4c7cbfc1c59414207610ad914115c870308143c0b9bb911dcc6cd7a84619, https://api.telegram.org/bot5311244213, | |
| xworm, 24d5c728af9ea56d4148f0d00e443db04621415c3730ab68b6ad8b8b3ec534bf, 107.172.44.153:6000, | |
| xworm, 35ef8cddda57c7c8c680d976e5023b6777a875d3f5a071eb8d3acbaf96fad0e2, https://api.telegram.org/bot8441577667, | |
| xworm, 4fc5db02f555a38fe3a0153e1f7d8261fc545a9ac7a2951a4558f5571b20531d, 203.202.232.225:1414, | |
| xworm, b7a2e50c046591a5ec4042a6328b6b4aca86987d45c305bdaf45c02ddc97b4c3, https://api.telegram.org/bot8441577667, | |
| xworm, bbd166e6d916f328c29a4e19a4cb2f686c447b197eb7291def515bc3a63fdda7, https://api.telegram.org/bot8024716497, | |
| xworm, bc4a510046a3fe5f115e3087cb40fd0789f0f0cec4eef02d9c0e6d4930753ed7, 107.174.142.123:3434, | |
| xworm, c37fea46377f4e5bdcc8517a2efa6e9d6979119dfa3bef59850abd939d52fb2b, https://api.telegram.org/bot8441577667, | |
| xworm, ead1f61ec0d29c5903084176a45994cf9229c6464e3f24cc651a4b901a855a29, 107.174.142.123:3344, | |
| [email protected] | |
| [email protected] |