September Malspam Campaigns
Date,Details,Email Payload Type,Users Targeted
9/4/2025,RE: Shipment Docs; js -> txt -> xloader,Attachment,3
9/4/2025,Zoom Meeting Invitation; link -> msi -> ateraagent,Attachment,4
9/9/2025,P.O; gz -> xloader,Attachment,2
9/10/2025,UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-08-839; rar -> xloader,Attachment,9
9/16/2025,RE: Shipment Docs; r11 -> xloader,Attachment,6
9/17/2025,Re: Shipping Documents and Invoice; zip -> originlogger,Attachment,7
9/19/2025,Re: Quotation; gz -> remcos,Attachment,5
9/27/2025,Nota fiscal referente ao pedido 1947; r15 -> phantomstealer,Attachment,2