LoaderInsightAgency (@lia_intel)'s Twitter Profile

Tracking malware loader botnets for fun

ID: 1802744468866502656

https://loaderinsight.agency
17-06-2024 16:47:11

37 Tweets

323 Followers

1 Following

LoaderInsightAgency (@lia_intel)

Happy Friday! 🥳 We start celebrating the weekend by initiating tracking on our 8th family 🕵️ It is primarily a stealer but is also pushing payloads. As more data comes in, patterns start to emerge, showing clear overlaps between various families and botnets 👀

LoaderInsightAgency (@lia_intel)

Using collected intelligence, we correlated Vidar build IDs with loader task data and linked the threat actor to a Lumma Stealer campaign.

Botnet identifiers are searchable in LIA and are crucial to creating a big-picture analysis.

insights.loaderinsight.agency/posts/vidar-bu…
#Vidar #Lumma #Stealer

LoaderInsightAgency (@lia_intel)

Due to the nature of our intel collection we cannot share everything publicly as it gives away our capabilities to threat actors. When we add a family, adapt our tracking, make observations, etc., we want to share this in detail with users. How would you like to be notified?

LoaderInsightAgency (@lia_intel)

Happy Monday! 🥳 Today we are launching "LIA Cables", an internal news feed that provides registered users with insight into LIA updates and observations 🕵️ LIA Cables is a result of user input (below poll). An email newsletter will become available at a later date as well.

UNPACME (@unpacme)

AI-Powered Threat Reporting and Analysis... ATIP It's live now, check it out 🤖 blog.unpac.me/2024/11/25/ati…

LoaderInsightAgency (@lia_intel)

Payload statistics from November 2024 📊
We observed 404 tasks distributed by threat actors across the tracked botnets. This resulted in 2801 unique payloads.

Top families:
1. #StealC
2. #Amadey
3. #Lumma
4. #Tofsee
5. #VidarStealer

Unpacking & detection: UNPACME

LoaderInsightAgency (@lia_intel)

Payload statistics from December 2024 📊
We observed 465 tasks distributed by threat actors across the tracked botnets. This resulted in 3180 unique payloads.

Top families:
1. #Amadey
2. #StealC
3. #CryptBot
4. #GCleaner
5. #LummaStealer

Unpacking & detection: UNPACME

LoaderInsightAgency (@lia_intel)

Payload statistics from January 2025 📊
We observed 702 tasks distributed by threat actors across the tracked botnets. This resulted in 4172 unique payloads.

Top families:
1. #Amadey
2. #StealC
3. #GCleaner
4. #Cryptbot
5. #LummaStealer

Unpacking & detection: UNPACME

LoaderInsightAgency (@lia_intel)

2024 Payload statistics (2024-05-01 - 2024-12-31) 📊
We observed 6599 tasks distributed by threat actors across the tracked botnets; resulting in 34538 unique payloads.

Top families:
1. #StealC
2. #Amadey
3. #Socks5Systemz
4. #VidarStealer
5. #LummaStealer

More stats to come!

LoaderInsightAgency (@lia_intel)

New intel cable posted! 🕵️‍♂️ (Login required) Read how a (suspected) BP hoster outage made a threat actor change hosting provider. LIA telemetry shows clear overlaps and enables continuous tracking. And also; dashboards have been updated showing data for 7, 14 and 30 days 📊

LoaderInsightAgency (@lia_intel)

Payload statistics from March 2025 📊
We observed 656 tasks distributed by threat actors across the tracked botnets. This resulted in 4718 unique payloads.

Top families:
1. #GCleaner
2. #StealC
3. #Amadey
4. #LummaStealer
5. #Xworm

Unpacking & detection: UNPACME

LoaderInsightAgency (@lia_intel)

Payload statistics from April 2025 📊
We observed 687 tasks distributed by threat actors across the tracked botnets. This resulted in 3283 unique payloads.

Top families:
1. #GCleaner
2. #Amadey
3. #LummaStealer
4. #Xworm
5. #QuasarRAT

Unpacking & detection: UNPACME

LoaderInsightAgency (@lia_intel)

On May 1st LIA turned 1 year 🥳🎂

The first official task was from an Amadey botnet to download & execute Lumma Stealer: loaderinsight.agency/?p=task_view&f…

LIA has since received >9300 tasks from botnets, netting 51327 payloads.

Big thanks to everyone who has contributed to the project!

LoaderInsightAgency (@lia_intel)

Payload statistics from May 2025 📊
We observed 772 tasks distributed by threat actors across the tracked botnets. This resulted in 2040 unique payloads.

Top families:
1. #GCleaner
2. #LummaStealer
3. #NirSoftNirCmd
4. #Amadey
5. #Xworm

Unpacking & detection: UNPACME

LoaderInsightAgency (@lia_intel)

Payload statistics from July 2025 📊
We observed 625 tasks distributed by threat actors across the tracked botnets. This resulted in 2367 unique payloads.

Top families:
1. #GCleaner
2. #Amadey
3. #LummaStealer
4. #NirSoftNirCmd
5. #QuasarRAT

Unpacking & detection: UNPACME

LoaderInsightAgency (@lia_intel)

🛠️ Busy weekend for LIA:
+ Backend improvements, web and API interfaces are now much more responsive
+ Added tracking for a "small" loader

We are also working on some new features to provide additional insights. Stay tuned for the announcement! 👀

LoaderInsightAgency (@lia_intel)

Payload statistics for September 2025 📊
We observed 554 tasks distributed by threat actors across the tracked botnets. This resulted in 1897 unique payloads.

Top families:
1. #GCleaner
2. #Amadey
3. #LummaStealer
4. #StealC
5. #CredentialFlusher

Unpacking & detection: UNPACME