LoaderInsightAgency

We are excited to announce that the #OpenCTI connector for the LIA File Feed just got merged into the master branch! This gives you direct access to full context IOCs directly in your OpenCTI platform. Check it out: github.com/OpenCTI-Platfo…

LIA 🤝 Malcat We are happy to announce that LIA has partnered with Malcat to strengthen payload detections using Kesakode! Malcat also provides a LIA Threat Intelligence plugin for SHA256 lookups and sample downloads! Read more on: insights.loaderinsight.agency/posts/malcat-k…

UNPACME partners @LIA_Intel stay winning 🚀 New BARE METAL analysis putting these malware loaders on notice!

📢 Major Update for LIA! 📢 After many long hours we can finally announce that a brand new BARE METAL sandbox environment has been deployed. No VMs, no hypervisors, real hardware! ⚒️ All downloaded payloads are executed, and logs are searchable 🔍 insights.loaderinsight.agency/posts/major-up…

Payload statistics for September 2025 📊 We observed 554 tasks distributed by threat actors across the tracked botnets. This resulted in 1897 unique payloads. Top families: 1. #GCleaner 2. #Amadey 3. #LummaStealer 4. #StealC 5. #CredentialFlusher Unpacking & detection: @unpacme

🛠️ Busy weekend for LIA: + Backend improvements, web and API interfaces are now much more responsive + Added tracking for a "small" loader We are also working on some new features to provide additional insights. Stay tuned for the announcement! 👀

Payload statistics from July 2025 📊 We observed 625 tasks distributed by threat actors across the tracked botnets. This resulted in 2367 unique payloads. Top families: 1. #GCleaner 2. #Amadey 3. #LummaStealer 4. #NirSoftNirCmd 5. #QuasarRAT Unpacking & detection: @unpacme

Payload statistics from May 2025 📊 We observed 772 tasks distributed by threat actors across the tracked botnets. This resulted in 2040 unique payloads. Top families: 1. #GCleaner 2. #LummaStealer 3. #NirSoftNirCmd 4. #Amadey 5. #Xworm Unpacking & detection: @unpacme

On May 1st LIA turned 1 year 🥳🎂 The first official task was from an Amadey botnet to download & execute Lumma Stealer: loaderinsight.agency/?p=task_view&f… LIA has since received >9300 tasks from botnets, netting 51327 payloads. Big thanks to everyone who has contributed to the project!

Payload statistics from April 2025 📊 We observed 687 tasks distributed by threat actors across the tracked botnets. This resulted in 3283 unique payloads. Top families: 1. #GCleaner 2. #Amadey 3. #LummaStealer 4. #Xworm 5. #QuasarRAT Unpacking & detection: @unpacme

Payload statistics from March 2025 📊We observed 656 tasks distributed by threat actors across the tracked botnets. This resulted in 4718 unique payloads. Top families: 1. #GCleaner 2. #StealC 3. #Amadey 4. #LummaStealer 5. #Xworm Unpacking & detection: @unpacme

New intel cable posted! 🕵️‍♂️ (Login required) Read how a (suspected) BP hoster outage made a threat actor change hosting provider. LIA telemetry shows clear overlaps and enables continuous tracking. And also; dashboards have been updated showing data for 7, 14 and 30 days 📊

2024 Payload statistics (2024-05-01 - 2024-12-31) 📊 We observed 6599 tasks distributed by threat actors across the tracked botnets; resulting in 34538 unique payloads. Top families: 1. #StealC 2. #Amadey 3. #Socks5Systemz 4. #VidarStealer 5. #LummaStealer More stats to come!

Payload statistics from January 2025 📊 We observed 702 tasks distributed by threat actors across the tracked botnets. This resulted in 4172 unique payloads. Top families: 1. #Amadey 2. #StealC 3. #GCleaner 4. #Cryptbot 5. #LummaStealer Unpacking & detection: @unpacme

Payload statistics from December 2024 📊 We observed 465 tasks distributed by threat actors across the tracked botnets. This resulted in 3180 unique payloads. Top families: 1. #Amadey 2. #StealC 3. #CryptBot 4. #GCleaner 5. #LummaStealer Unpacking & detection: @unpacme

Payload statistics from November 2024 📊 We observed 404 tasks distributed by threat actors across the tracked botnets. This resulted in 2801 unique payloads. Top families: 1. #StealC 2. #Amadey 3. #Lumma 4. #Tofsee 5. #VidarStealer Unpacking & detection: @unpacme

AI-Powered Threat Reporting and Analysis... ATIP It's live now, check it out 🤖 blog.unpac.me/2024/11/25/ati…

2/2 The monthly statistics is also available in our most recent LIA Cable. Read our interpretation of the monthly statistics and other observations during the period; Such as a possible reason behind the decrease in tasks and increase in payloads from September.

1/2 Payload statistics from October 2024 📊 We observed 373 tasks distributed by threat actors across the tracked botnets. This resulted in 4510 unique payloads. Top families: 1. #StealC 2. #Lumma 3. #Amadey 4. #VidarStealer 5. #SmokeLoader Unpacking & detection: @unpacme

Happy Monday! 🥳 Today we are launching "LIA Cables", an internal news feed that provides registered users with insight into LIA updates and observations🕵️ LIA Cables is a result of user input (below poll). An email newsletter will become available at a later date as well.