MALICIOUS (1) campaign cataloged at 2025-08-20(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-08-k7eel¶
Importing the module downloads and executes widely recognized malware
Abuse categories¶
malware
Campaign uses malware.
remote_executable
Downloads and executes a remote executable.
References¶
Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
-
hxxps://github.com/mtlnewacc6-sys/adadad/raw/refs/heads/main/x69.exe -
hxxps://github.com/byebyeeeeeeaaa/turbo-guide/raw/refs/heads/main/Payload.exe -
hxxps://github.com/deprosinal/legendary-funicular/raw/refs/heads/main/helo.exe -
hxxps://github.com/deprosinal/didactic-octo-funicular/raw/refs/heads/main/Payload.exe -
hxxps://github.com/deprosinal/sturdy-fiesta/raw/refs/heads/main/XClient.exe -
hxxps://github.com/deprosinal/jubilant-parakeet/raw/refs/heads/main/41222.exe -
hxxps://github.com/deprosinal/shiny-telegram/raw/refs/heads/main/XClient.exe
Packages in the campaign¶
campaign:2025-08-k7eel¶
- anrk
- anrok
- buildpeople
- comedrivewithmeman
- editidle
- fifam5tl
- fromwherebitch
- fuckingnuker
- fucknukeer
- fucknuker
- fucknukerbro
- fuckyoubitch
- fuckyoubitchbro
- hacktool
- hydenmj
- importsetup
- k7eeel
- k7eel
- k7eel2-ss
- k7eela
- kimportsetup
- lolcrazy
- medoen
- nayzakishere
- nukebount
- nukecount
- nukeport
- pacakegenow
- randar303
- woowoowo
- xwormclient