Created September 3, 2025 13:55 (gist silence-is-best/fe83da37dd3067acd817b21b85eb2692)
August Malspam Campaigns
| Date | Details | Email Payload Type | Users Targeted |
| --- | --- | --- | --- |
| 8/3/2025 | Re: SmartTec : PO Payment; tar -> dbatloader-remcos | Attachment | 6 |
| 8/3/2025 | PFI: SHIPMENT FROM INCEPTA // 56 CTNS; zip -> snakekeylogger | Attachment | 3 |
| 8/4/2025 | New Order PO#86637 01/08/2025; vbs -> originlogger | Attachment | 3 |
| 8/6/2025 | INVOICE CONFIRMATION; 7z -> xloader | Attachment | 2 |
| 8/6/2025 | Inquiry; zip -> darkvision | Attachment | 2 |
| 8/6/2025 | Attachment name is quotation.gz; -> xloader | Attachment | 2 |
| 8/6/2025 | RE: New Order - PO/2025; gz -> snakekeylogger | Attachment | 2 |
| 8/7/2025 | Attachment name is Past Due Invoice.zip; zip -> vipkeylogger | Attachment | 8 |
| 8/9/2025 | PAGO; uue -> darkvision | Attachment | 2 |
| 8/11/2025 | RE: BD3/2037/19 Inquiry Request for 305x305x97; 001 -> originlogger | Attachment | 2 |
| 8/13/2025 | Re: Re: BEARING AND SPROCKET (PARKING LIST); zip -> xloader | Attachment | 4 |
| 8/13/2025 | RE: SOA for payment 14.08.2025; z -> vipkeylogger | Attachment | 4 |
| 8/18/2025 | Invoice n°112/2207/ n°113/2210; z -> snakekeylogger | Attachment | 4 |
| 8/20/2025 | Your drum is ready for shippment !!!; zip -> vhd -> lnk -> tar -> bat -> zip -> asyncrat | Attachment | 2 |
| 8/20/2025 | Quote--FL202306200039 SWP Inquiry no. 2023-1981; zip -> vipkeylogger | Attachment | 4 |
| 8/25/2025 | Fwd: Payment Advice - Advice Ref:[A22D4YdWsbE4] / Priority payment; z -> vipkeylogger | Attachment | 8 |