IOC Radar · TLP:WHITE · 12 IOCs

[Amadey] Targeted Analysis of its Campaign’s Kill Chain, String and Traffic Encryption Algorithm, and Download of Additional Modules

Source: 0x0d4y Malware Research, published June 16, 2025

Diamond Model

- Adversary (1): Turla
- Infrastructure (2): datahouse.ru, 185.215.113.117
- Capability (4): Lumma, META Stealer, Stealc
- Victim: unknown


Indicators of Compromise (12)


IOC Relationship Graph (12 total IOCs: 5 SHA256, 5 MD5, 1 Domain, 1 IP; 1 actor: Turla; 4 malware families: Lumma, META Stealer, Stealc, XWorm; all linked to the report "[Amadey] Targeted Analysis")