Created
August 4, 2025 17:06
-
-
Save silence-is-best/a2b497e7cf1d6998045ed00f35ac43ac to your computer and use it in GitHub Desktop.
July Malspam Campaigns
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date Details Email Payload Type Users Targeted | |
| 7/2/2025 New Order Inquiry; zip -> Attachment 23 | |
| 7/2/2025 kindly quote your best price for the; zip -> xloader Attachment 4 | |
| 7/3/2025 Payment Invoice Receipt; rar -> js -> xworm Attachment 2 | |
| 7/3/2025 NEW ORDER--GO23B005XXXX025; 7z -> purecryptor Attachment 2 | |
| 7/8/2025 Elite shipment; z -> xloader Attachment 8 | |
| 7/9/2025 Verify your bank details for our payment; rar -> xloader Attachment 9 | |
| 7/10/2025 Evergreen Invoice No. : 25205986 Ref-no: <<A7_FR787BSY.CNT>>; z -> vipkeylogger Attachment 4 | |
| 7/10/2025 RE: Final Shipping Documents; zip -> snakekeylogger continued to 7/11 Attachment 5 | |
| 7/11/2025 UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-06-839; rar -> xloader continued to 7/22 Attachment 18 | |
| 7/14/2025 Techno-Commercial Budgetary Enquiry for Chemical Dosing Packages; rar -> xloader Attachment 9 | |
| 7/16/2025 RE: Purchase order; zip -> vipkeylogger Attachment 3 | |
| 7/17/2025 PAYMENT- PO 25.034 - KTR X MERCURY; z -> vipkeylogger Attachment 4 | |
| 7/20/2025 RFQ for Material and Equipment Supply-LAUGFS groups PR NO: 1024001116; rar -> remcos Attachment 6 | |
| 7/20/2025 Overdue payment reminder; z -> vipkeylogger Attachment 4 | |
| 7/20/2025 Re: Quotation; zip -> xloader Attachment 4 | |
| 7/21/2025 ARRIVAL NOTICE / ETA: 28 JULY 2025 / CGLYNI25060014; gz -> remcos Attachment 4 | |
| 7/22/2025 PAYMENT- 25.034; z -> snakekeylogger Attachment 12 | |
| 7/22/2025 ITB: 2025-23-07- RUWAIS_LNG - 1321-1051_EQUIPMENT_MATERIALS_ADNOC; rar -> xloader Attachment 9 | |
| 7/23/2025 Re: payment of $6600; z -> vipkeylogger Attachment 8 | |
| 7/24/2025 RE: Request for Quotation; zip -> vipkeylogger Attachment 3 | |
| 7/25/2025 RE: PURCHASE ORDER 121120; zip -> vipkeylogger Attachment 5 | |
| 7/25/2025 Stok Hk._Ankutsan Grup //-KDV; bz -> vipkeylogger Attachment 2 | |
| 7/29/2025 Sender is [email protected]; docx -> rtf -> vbs -> dll -> xloader Attachment 3 | |
| 7/30/2025 [August 2025] HMM Europe Line Sailing Schedule 6.0; z -> vip keylogger Attachment 4 | |
| 7/31/2025 RE: STATEMENT OF ACCOUNT - HMM SHANGHAI - DATED 31/7/2025; z -> vipkeylogger Attachment 4 | |
| darkcloud, 0db5f6cf0d7354324d546d25916af4404b5bacbab04cae8898a7a99fce90952c, https://api.telegram.org/bot6852270017 | |
| darkcloud, 4eb5bc1c99ed6c8d62fee78451c21aa83418a95171dc596765af1a35ed69d10a, https://api.telegram.org/bot6852270017 | |
| darkcloud, 5dc3ed48d4f6a94c543a43f80b7df4136d1c6b8e5871f95212437c1ff0f69f31, https://api.telegram.org/bot6852270017 | |
| darkcloud, c6cd12aefb61eadf7e46c05de445a63dd5ab74d46b28495f3136c64c93513e0c, https://api.telegram.org/bot8106279766 | |
| darkvision, 1705952af84e870d660ab12b4e39198bcb8525aa9cecd009c52d16e22dc963d6, educare1.ddns.net | |
| darkvision, c955f8ad1fc411f7cbfce62ff7b8c6fa72f94f8f17eeff6fbecdb2f13e0b4c89, educare1.ddns.net | |
| guloader-vipkeylogger, 80efc806053cc3dda484f4726934e2110a20b2e870728665562ebf6b34804463, https://api.telegram.org/bot7913834141 | |
| modiloader-remcos, 1361ec5edf9d9f8d6abf071a4303cfce88459b8b3b086cc7f0c7aed4034a501d, 45.133.174.35:2404 | |
| modiloader-remcos, 78c40d88491b5fc84ab86b0d2e0c3acae2a6cd35cf1026e8ae35513b746965df, www.basetitanuim.com:2404 | |
| originlogger, 02885088d11eeaf0ce641f961c2e366d0de68b4bcf7f0aaa7fabcaa0046adf14, ftp://ftp.rvoccte.com | |
| originlogger, 05312d53d7f0968141efdd6ac8af8d39e4b52b724d372eff324cf93f549d536c, mail.nasserbutiadvocates.ae | |
| originlogger, 16e430beb3a6af638bdbe4105bcdbd381b0638d949b55fc36cb4829e858e26d4, cphost14.qhoster.net | |
| originlogger, 6df211cec917dee777c14035f12e42094bebbea71292acbf7dbc148cc4f5c9f3, cphost14.qhoster.net | |
| originlogger, 7cd4a13ee2c96269b007c40b1e9ecb41484001dc576773ec60cffa4072693e85, cphost14.qhoster.net | |
| originlogger, 87758330a8cc03f773419e5aed4c9d93af8073e2065d278bd647574b50ac2c4f, premium707.web-hosting.com | |
| originlogger, 990e4bf7ddc2b2f3481110b51bdd9dd0ee88308018007dae16f9dc1628f29af4, cphost14.qhoster.net | |
| originlogger, ce2a1e75336f3a8a1538a0019aaeeeaa3b69ee6fb86d4427b17d7d985fce4901, premium707.web-hosting.com | |
| originlogger, e91e804d32576f97f54cda9dd4134e8cf630fb527a14213e1974ddb15fa1473d, mail.nasserbutiadvocates.ae | |
| purecryptor, b0a3d5d23b58a7a3d2229a5c2c7db9f978f54f3a3060c5e7084dac743c8a264a, 185.249.198.213 | |
| purecryptor, dde8e774dc164b29b83a9e034ad0353d324c17a4bd406105c31f9250c9c2cd85, 185.249.198.213:8088 | |
| remcos, 27f53d2b44682a7c59cdb0a74f4f38cf9e32b2510cf44b6cc4c8bf144c4cd4d9, 160.25.73.206 | |
| remcos, 8c9084133b3d9cf46b8f3b9447c38f4e0fe509c299f496ea9a755baaf4aac467, moneycomenow.sbs:2490 | |
| remcos, c9da21d05843d54922d10a1cb421be65c379e9c21d9b7e0dba5b4c6922ad6739, luciphas.xyz:5909 | |
| remcos, dd2a222bdd0481c01194b7ecc4f3f0ef1f03ed74990d8379ec648a4ad10d12ff, 45.62.170.181:2404 | |
| skuld, 21b6032ef9339020f9d1c0c290153402775948bad242e24f5473b6aa89b45b69, https://discord.com/api/webhooks/1387090487722250390 | |
| snakekeylogger, 014ee41d90df6e526cea748ba3bd856878ec77b04cb3feefb34c0a6795114f93, mail.mmacompetent.com | |
| snakekeylogger, 08dea01a763865a126c2b5578f2d13b8057003aee4634aaafedbb3cbfd89cbd9, https://api.telegram.org/bot7935758674 | |
| snakekeylogger, 15e19eda2cf314425e546b7bb80973a50ef54dd61c3ae1f02c59b61e8e8ff2b3, mail.mmacompetent.com | |
| snakekeylogger, 33dc4a47c1780972c400cdc216feb33fce06f737ba2017437f68029b77003556, mail.famousdesignltd.com | |
| snakekeylogger, 35e45f4455fbe1088ff67771510e5d3f96c295937d27c0b144faee2b50bfe503, https://api.telegram.org/bot8191743846 | |
| snakekeylogger, 392b69ef0ccabbf63cf49c66162d2b8c798fb2f09881c0e55f8430d095474551, MAIL.onionmail.org | |
| snakekeylogger, 578dad33247694dc20d606e643cb10ee16d98b87baa1e888e688877baae38bc9, mail.leapvault.com | |
| snakekeylogger, 5d3dc08339693c214992ebe40fd761c9556df44f9b260c939f2d1b42667aaf31, mail.famousdesignltd.com | |
| snakekeylogger, 5e5af3e084fb661d354288734bbfa262f5b4dc1d92f553d25437eaed90ae8caf, https://api.telegram.org/bot8007481278 | |
| snakekeylogger, 6048fe526cff02683f2f4b10bfe8781801e0e69d781201fced14299ce03d93a5, mail.famousdesignltd.com | |
| snakekeylogger, 606e4b95499f684b65e8ef26db93302bcfad69c905fb47e4b83a63e5e844f7cc, https://api.telegram.org/bot8191743846 | |
| snakekeylogger, 6ded092326d2f9950c694836626f2a39a3cae24fe66275bbb8856666e167adb4, mail.famousdesignltd.com | |
| snakekeylogger, 766914aab65f18ce33926535efb4f925d4fe70bb34d4df65b002bfa7b31a083a, https://api.telegram.org/bot7837000006 | |
| snakekeylogger, 7ce5738f1af3650ac6269d18c2fcfd56e9d0dc520f66d0dce2c79df9eb65df5f, mail.orcashipping.ro | |
| snakekeylogger, 8df390f196fab73f2bae64890816a0045d987cdb9bdee34a2fddb504dfe82234, MAIL.onionmail.org | |
| snakekeylogger, 8f8421c7da42684b2bc1303af26cc656851ddb17facd21ef55c6173af960664e, mail.tpc-projects.com | |
| snakekeylogger, 9e621a704ce21860890b4fb94903908f66a6926e8cfc85a32615b241da33fd7d, fgiltd.com.pk | |
| snakekeylogger, b4d5d9f82cc657fc2aa0c43796129c46b0119a855393a1c411d3a4e71a6df70e, https://api.telegram.org/bot7837000006 | |
| snakekeylogger, b8b4021394c9823ce105f92ac6ec4b6aed630606add64945b9b3f8f73d561316, mail.famousdesignltd.com | |
| snakekeylogger, cc0c4c3bb64377148692edcf600eb488ca841d764ca3c53f78cec9784132a5ef, https://api.telegram.org/bot7837000006 | |
| snakekeylogger, cefcd80dbfabf45c3bb328bef48009cf6ee153de7679d332c8f5b04f56275f15, mail.romextel.com | |
| snakekeylogger, e835ffa638389f41a1846535ab6d3c956aced147c3809b6993135e5d0a73e23d, mail.fgiltd.com.pk | |
| snakekeylogger, e8c55f45805066a63c2f467849f5e055b159faa1a818e458d1c78a76146b3a60, MAIL.onionmail.org | |
| snakekeylogger, eb7f6bd43749a4079e2ff502ace494ac226303de548061802933e86206b2fb0a, mail.famousdesignltd.com | |
| snakekeylogger, fe66ba50a2078a812dc55591644c8a23728096829bd88221c9c2a04454d79d5e, mail.famousdesignltd.com | |
| vipkeylogger, 05ddfe68f52650bb4edf167f1e37883c77dced2d90b57e4cad1d8e640dbf81bd, https://api.telegram.org/bot8048501078 | |
| vipkeylogger, 0f62a0bd2f5e4686de5392a0025e45d5b3d222eca4380d63f40010ef671a931a, mail.aktagor-prom.by | |
| vipkeylogger, 1610ae604cb2eaf62d9679bc3ab32c55d734f4ea027822f54a2586328d6debe8, mail.privateemail.com | |
| vipkeylogger, 2278589011ac08c34a0fc7eb9a116f7b348605a9ee28a5d8e1509394f4f35089, mail.rivalogistics.com | |
| vipkeylogger, 282c71a915fb16491ac0ca5e5bc43ec8079ebf6db203d880d2b40c6217782807, mail.eaglenetnigeria.com | |
| vipkeylogger, 2bf71ba0ff515a6b9e04bad7d0953335bd4d3d8b857f02d54f611a2319ad2f95, mail.privateemail.com | |
| vipkeylogger, 3257b7bb84593414de08c5f7050cb38f4b1cbaf3022705ac071974b720ba533b, mail.sarahfoils.com | |
| vipkeylogger, 4350dbe482fb5195748203ebc618d6b2f88218b02e4183e203dedebe7e0e94ef, https://api.telegram.org/bot8048501078 | |
| vipkeylogger, 458ac52092b96841fe90abb19a244969102a900f7c6b5199040bde55fc8b0317, mail.vtlogisticsvn.com | |
| vipkeylogger, 5ef6ec513cbff82ef5e357753db46627351be6fe83d83fe05485d06330735849, Server.lurstan.host | |
| vipkeylogger, 624f46db29045d2f0a16dd88f64ba2503febaadb7f0b721df054bbe7dbad23e9, https://api.telegram.org/bot7829436438 | |
| vipkeylogger, 6d0143dd66ca4f5b6d342c88feb3a564c81e18e3db7805c85e7f5895acb059bb, mail.sarahfoils.com | |
| vipkeylogger, 6efb5b284e5c36e0ebde123a65cd46944f3523992b64d9fdb4b12bbd834e121e, mail.vtlogisticsvn.com | |
| vipkeylogger, 717343b73e45e00fbad3040f385b36005435c0d9b6e0cd6ef78b0f4bd4cf2907, mail.benavidessuplidores.com | |
| vipkeylogger, 78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5, https://api.telegram.org/bot8048501078 | |
| vipkeylogger, 78c91dfa31a75509e395f91851f05edcc46d8fadff48cd10990e8fc3fce07026, mail.eraglobal.id | |
| vipkeylogger, 7ffbc8a42a1ad362989b7098ecad4392f1c2a18f49a294932946ab99ac54368a, mail.endermekanik.com | |
| vipkeylogger, 81f16350767ce770055b3629bf915511bb0bd63fdea739d0bed336fa75f6b551, https://api.telegram.org/bot7829436438 | |
| vipkeylogger, 89a16f7c3f75f2a82e4bc1286ae89af239e3efeec7866588f709b3a8db48cb17, mail.airdryer.in | |
| vipkeylogger, 8f0e207db3ead508c0e0719056b67faae2a3b085bc04311b4a071bb80e443410, hosting2.ro.hostsailor.com | |
| vipkeylogger, 8f59ab17a29c57035493103d83e22f6f1ee15d33df4164fc69f47918f177cc1e, mail.rrcindia.co.in | |
| vipkeylogger, 9af58202dbabd34239bb5056f0ef66efee2eed1bf99b445140d14fa7114f586d, mail.privateemail.com | |
| vipkeylogger, a6a9b636acea176d2d225f18d8f28797631b1ce4c5b2e46ed4cbe18f1a71fa6e, mail.thelilyhotel.com | |
| vipkeylogger, a8561c312838771cf9a079cb93b31fe770796853a74b4306fd881e8dd4340479, https://api.telegram.org/bot7829436438 | |
| vipkeylogger, a8cdfa7e2c10da2b86a2c1824415310726630037cdb268ff2a40763aa811b632, mail.endermekanik.com | |
| vipkeylogger, ac26890abde7b2b18790a9b7be0eadc8813f1ad4196d7bfd2017dac68e9c0260, mail.privateemail.com | |
| vipkeylogger, b7b1ed68e613b5465324b715d04c711d03bfe54223b5dd450eef96d23ae9de96, mail.privateemail.com | |
| vipkeylogger, c3781a6a49bcffd2b8368caf5de812e0c87a13409b9365cb007f974e0534f5fc, mail.lastiksan.com.tr | |
| vipkeylogger, cb8416d5916dd7a960c8b243fb5fb893920b9ca5dff0f2f1a84688fa5c49edd4, mail.privateemail.com | |
| vipkeylogger, f2e0595463196470692945a3b90a3de2a8d4b22a5a3cef610c0a9bceedce3db1, mail.rrcindia.co.in | |
| vipkeylogger, f3bf4dee7ecf2a15821f6c4795d7babd7dec7969bc4e621c3952084e6ed0b911, mail.mmacompetent.com | |
| vipkeylogger, f9e4a4ff7421d3e2a5e19244f6550ee976d7ff6925aaf336cb0ef21a2935e777, webmail.benavidessuplidores.com | |
| vipkeylogger, ffc45b80b1fc40415c69b170cdf563b268bfb5653e17c83f6d3722b7f6cfe391, mail.privateemail.com | |
| wshrat, 3f0d968c3a68f5ac90789d1f0b0295c7f797ceacc448e64a295e37058bcad2d4, http://www.ambiopharmconsultingltd.com:1515/is-ready | |
| xloader, 007394ca59e466e0cbce46316408d0731c92f5db939684bc891519802832cbc2, www.ukinky.shop/gl9n | |
| xloader, 04622020a45463744984946bfd38f4bdc01af96087ac784a790db1f1009157ab, www.3333bet.website | |
| xloader, 071e191d022f1e75beec3be3ba714622666e90c43bff03fab6ea5f0e28d185da, www.dumasuite.info/zbmu | |
| xloader, 1db94a350a20336d6057a369c53c759b2c0485e2b1d6318fd85f37cf2e773dbb, http://www.sexyhso.shop/toga | |
| xloader, 1dd0021ea8fc63fd5576b92848053f8c125944f4aa28197693b11672223c881e, www.lp9l3a.top | |
| xloader, 225467899634b016ac58b9bb4bb3a49296d08400efdda9d60497f376bf851333, www.grandchem.online/ghuc | |
| xloader, 22d7ca89918de5ad403867dfc9b0fcae5f3f7c2b6f91cab12f1cc444fedd880b, www.qeme.studio/s2rx | |
| xloader, 263c4d83be7c20f55ab9353ce27796b48755fad1bc1c72e7b539f099ee20217c, www.ukinky.shop/gl9n | |
| xloader, 343bbc4543cdcc8cf6d91412d2ce1176457f3d7241c783e2425dd779476e016f, www.bttf.world//a79k | |
| xloader, 41a81d0764c58bbca4eb9b9af77d45783590531497955f8841c2f1749044d328, www.reggiadiportici.info/5kfq | |
| xloader, 5b0bda7f385391a16e5b1d95e4140ea3e8774f0d96f441027deea2d23cd032f1, www.imubqtus.pro/z0ut | |
| xloader, 6ae6baa3e8a078bd4ac1d387d45c3a069caa19b284fd55f22de95cbc47f44221, www.ukinky.shop/gl9n | |
| xloader, 6d8be0b733c9bbbf96b2ba43060a0c2bcbd3ff4d43d045e2f30b42bc20475032, www.igeam.net | |
| xloader, 7b210d6640552d12998eee72494c9560f1d626c9918c6abcbe9ec0c441c2bd0b, www.ukinky.shop/gl9n | |
| xloader, 825caca7729cb19432c87c581b6a16240d21f1f3903b81cc98184bd80aa01de2, www.royalfood.shop/5eia | |
| xloader, 9c482a3d9819df12b7a85d4930b40cb0006ca47006b8351279f8bbf1222f7eca, http://www.dgeneration.xyz/9qrh/ | |
| xloader, 9d8bc6fb9ddb97480ac23319c310b097c96c137d71807616bc6e59b19344d0ca, www.cagriseramik.xyz/bhyv | |
| xloader, 9ecaf7df193568c73d0069fcff681ce44e8ce79f17f402df0155e611047035ee, www.ukinky.shop/gl9n | |
| xloader, 9ffbfc64827a32593bdcff306f45afaaa69cda089c1b3ed28a8889d17dbf33d0, www.telearhfdech.digital | |
| xloader, a3721fdc1d4f9179cec068cac23a723fdf2bba91ab354811266d90defbcffc1f, http://www.apescommunity.xyz/2zw2/ | |
| xloader, b68daaa63d6f2935b3d341b2f665868ea568d2cfdce59d9440a830c34bd5e6fb, www.ukinky.shop/gl9n | |
| xloader, cad6df3e9a9ac2d74b5c5276ab7192b8b876cde19259b8a567c80e44362e898f, www.royalfood.shop/5eia | |
| xloader, cb6706b2fd7eddb2ce12edef732de44519085e4c31c7b01ab2b9b4dec8e2d819, www.odins.fun | |
| xloader, ebca27bc9d2e437fb45143cdefb2eb8768431e5a4680414329aeac642f0fabd1, http://www.homebdy.world/wkpg/ | |
| xloader, ec22dc6bd9f3c041b38773b2f365d66bf9fdb6a4f205e80744218f005bfef5ee, www.666moz.xyz/8ak7 | |
| xworm, 137ad8a9d3784ef9ae6429b6fcc3b1e7855a323c848e1d7532cae07c8b727179, 185.157.163.136:57143 | |
| xworm, 33f3ee11a5ee87c1e154b2f5fc4bd811a73327ebeb4ad20c901d1d29de3e0aca, voilt1984may.duckdns.org | |
| xworm, df5189d96b07518021b9cfb62e36f042f0b7615feb11ab66dd17e2978e65cf21, 213.209.150.171:5010 | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment