Created December 1, 2025 18:16
Gist: silence-is-best/b0eed8c8a6d6f6381a30d17047603726
November Malspam Campaigns
| Date | Details | Email Payload Type | Users Targeted |
| --- | --- | --- | --- |
| 11/3/2025 | Wire Invoice Payment; link -> msi -> logmeinrescue continued to 11/7 | Link | 55 |
| 11/3/2025 | Completed via Docusign: GSWQ5279.pdf; link -> zip -> xworm | Link | 5 |
| 11/3/2025 | REQUEST FOR QUOTATION #PO - No° 20251103//WTS EXP & IMP PJ400; zip -> darkcloud | Attachment | 2 |
| 11/4/2025 | Invoice Payment Received; link -> msi -> logmeinrescue | Link | 36 |
| 11/4/2025 | PROFORMA REQUEST _ LATEST PRICE LIST (NOV 2025); z -> remcos | Attachment | 2 |
| 11/5/2025 | Re: Booking Request - Job 3386 / FLC7932025 /; zip -> originlogger | Attachment | 3 |
| 11/5/2025 | RE: PAYMENT DUE & SHIPMENT STATUS\|FW: URGENT ORDER_NO.238275-ENQUIRY; r15 -> xloader | Attachment | 4 |
| 11/6/2025 | ORDER - PO_1306; z -> bat -> remcos | Attachment | 40 |
| 11/6/2025 | RE:RE: DHL - Shipment Doc-/ Arrival Notice - AWB# 13700658****ME85E1306221; z -> vbs -> remcos | Attachment | 35 |
| 11/9/2025 | MV Nicos Tomasos /PDA request; zip -> snakekeylogger | Attachment | 2 |
| 11/10/2025 | RFQ - VRF/BT/2025/ENG/041; z -> xloader | Attachment | 4 |
| 11/10/2025 | (MT-103-USD)$109419 SWIFT - Payment Copy#38355616-1753107909; z -> BROKEN :( | Attachment | 22 |
| 11/11/2025 | RE: Purchase Order No PO-VPI10-240002 INVOICE # 24-815 PO-VPI01-250138; r15 -> xloader | Attachment | 2 |
| 11/12/2025 | EMDAD Ref No: 20295 // ADNOC ABU DHABI LNG RFQ No: 600002389875 RG7/24; 7z -> xloader | Attachment | 2 |
| 11/12/2025 | AWB DHL 7214306201 Shipment Notification; tar\|lzh -> vbs -> xworm | Attachment | 22 |
| 11/13/2025 | RE: Release Payment Against SA // 1875- Returning goods to ABE; zip -> originlogger | Attachment | 3 |
| 11/14/2025 | RE: RE: RE: RE; UNA CONFERMA DI PAGAMENTO/SWIFT!!!; zip -> vbe -> originlogger | Attachment | 8 |
| 1/11/1900 | RE: Shipment Docs; r15 -> xloader | Attachment | 4 |
| 11/17/2025 | Factura S2516925; lnk -> exe -> logmeinrescue | Link | 3 |
| 11/17/2025 | Attachment name is PT Inquiry - Quote 09052022-008.exe; exe -> xloader | Attachment | 4 |
| 11/18/2025 | Shipping documents for PO No.13234290; z -> vbs -> remcos | Attachment | 2 |
| 11/19/2025 | VERY URGENT RFQ Required; tar -> remcos | Attachment | 2 |
| 11/19/2025 | Shipping Documents - Hutchinson Antigua Ltd. - PO #AL11556; zip -> xloader continued to 11/20 | Attachment | 3 |
| 11/19/2025 | Attachment name is payment_advice pdf.rar; rar -> xloader | Attachment | 4 |
| 11/19/2025 | October Invoice 2025; docx -> rtf -> | Attachment | 3 |
| 11/23/2025 | proforma invoice; docx -> rtf -> xloader | Attachment | 2 |
| 11/24/2025 | Factura Regocijos 34; rar -> guloader -> vipkeylogger | Attachment | 2 |
| 11/24/2025 | Attachment name is order_specifications_pdf.7z; 7z -> js -> xloader | Attachment | 3 |
| 11/24/2025 | Attachment name contains 'against Invoice Nos'; rar -> xloader | Attachment | 4 |
| 11/24/2025 | RFQ # 24207459 - HIRE OF EME EQUIPMENTS FOR MUGHARAQ PORT; uue -> originlogger | Attachment | 5 |
| 11/25/2025 | 回复: Quotation; docx -> rtf -> vbs -> xworm | Attachment | 4 |
| 11/25/2025 | Attachment name is bank swiftcopy.rar; rar -> js -> vipkeylogger | Attachment | 2 |
| 11/27/2025 | OOCL Arrival Notice with Freight OOLU373720010046736372821158; zip -> snakekeylogger | Attachment | 4 |
| 11/27/2025 | Quotation sheet; docx -> xloader | Attachment | 4 |