December Malspam Campaigns
Date,Summary,Details,Email Payload Type,Users Targeted
12/1/2025,Malicious email campaign; morning,Wire Payment Invoice; link -> msi -> screenconnect,Link,23
12/1/2025,Malicious email campaign; evening,Request for Quotation (RFQ) Attached Requisitions; zip -> xloader,Attachment,3
12/2/2025,Malicious email campaign; morning,Booking.com Invoice 1658768288; pdf -> link -> xworm -> asyncrat,Attachment,3
12/3/2025,Malicious email campaign; morning,December New Order; docx -> rtf -> xloader,Attachment,2
12/3/2025,Malicious email campaign; morning,Payment_Receipt_12/03/2025; link -> msi -> screenconnect,Link,2
12/5/2025,Malicious email campaign; evening,Payment Receipt; link -> screenconnect,Link,26
12/10/2025,Malicious email campaign; evening,MV ASL ILEANA/AGENCY FIXTURE NOTICE; rar -> snakekeylogger,Attachment,2
12/11/2025,Malicious email campaign; evening,Payment copy..; link -> msi -> screenconnect,Link,2
12/16/2025,Malicious email campaign; morning,Attachment name is 16202512...OC__dintec__________________________PDF.arj; arj -> expiro,Attachment,2
12/17/2025,Malicious email campaign; morning,You have a new caller; link -> screenconnect,Link,8
12/19/2025,Malicious email campaign; morning,Official Notice Tax Compliance Audit and Document Submission; zip|rar -> silverfox continued to 12/,Attachment,6
12/22/2026,Malicious email campaign; morning,Your Companys KYC / KYB Information Has Expired - Action Required; zip -> rustystealer,Attachment,2
12/23/2026,Malicious email campaign; morning,RE: SOA-12232025; rar -> xloader,Attachment,2
12/25/2026,Malicious email campaign; morning,MV SEA PRIDE APPOINTMENT // PDA REQUEST; zip -> donutloader,Attachment,2
12/26/2026,Malicious email campaign; morning,Invoice Issued Kindly Review; rar -> rustyloader,Attachment,6