Tracking malware loader botnets for fun

Joined June 2024
Our latest feature is out: Context Graph! 🔍 Visualize and pivot on botnet tasks, payloads, domains and IPs --- In addition, we created a new Botnet View to provide more details on botnets --- And finally; added tracking for our 10th family 🕵️ Read more on our insights blog!
LIA 🤝 Malcat We are happy to announce that LIA has partnered with Malcat to strengthen payload detections using Kesakode! Malcat also provides a LIA Threat Intelligence plugin for SHA256 lookups and sample downloads! Read more on: insights.loaderinsight.agenc…
LoaderInsightAgency retweeted
4 Dec 2025
UNPACME partners @LIA_Intel stay winning 🚀 New BARE METAL analysis putting these malware loaders on notice!
📢 Major Update for LIA! 📢 After many long hours we can finally announce that a brand new BARE METAL sandbox environment has been deployed. No VMs, no hypervisors, real hardware! ⚒️ All downloaded payloads are executed, and logs are searchable 🔍 insights.loaderinsight.agenc…
Payload statistics for September 2025 📊 We observed 554 tasks distributed by threat actors across the tracked botnets. This resulted in 1897 unique payloads. Top families: 1. #GCleaner 2. #Amadey 3. #LummaStealer 4. #StealC 5. #CredentialFlusher Unpacking & detection: @unpacme
πŸ› οΈ Busy weekend for LIA: Backend improvements, web and API interfaces are now much more responsive Added tracking for a "small" loader We are also working on some new features to provide additional insights. Stay tuned for the announcement! πŸ‘€
Payload statistics from July 2025 📊 We observed 625 tasks distributed by threat actors across the tracked botnets. This resulted in 2367 unique payloads. Top families: 1. #GCleaner 2. #Amadey 3. #LummaStealer 4. #NirSoftNirCmd 5. #QuasarRAT Unpacking & detection: @unpacme
Payload statistics from May 2025 📊 We observed 772 tasks distributed by threat actors across the tracked botnets. This resulted in 2040 unique payloads. Top families: 1. #GCleaner 2. #LummaStealer 3. #NirSoftNirCmd 4. #Amadey 5. #Xworm Unpacking & detection: @unpacme
On May 1st LIA turned 1 year 🥳🎂 The first official task was from an Amadey botnet to download & execute Lumma Stealer: loaderinsight.agency/?p=task… LIA has since received >9300 tasks from botnets, netting 51327 payloads. Big thanks to everyone who has contributed to the project!
Payload statistics from April 2025 📊 We observed 687 tasks distributed by threat actors across the tracked botnets. This resulted in 3283 unique payloads. Top families: 1. #GCleaner 2. #Amadey 3. #LummaStealer 4. #Xworm 5. #QuasarRAT Unpacking & detection: @unpacme
Payload statistics from March 2025 📊 We observed 656 tasks distributed by threat actors across the tracked botnets. This resulted in 4718 unique payloads. Top families: 1. #GCleaner 2. #StealC 3. #Amadey 4. #LummaStealer 5. #Xworm Unpacking & detection: @unpacme
New intel cable posted! 🕵️‍♂️ (Login required) Read how a (suspected) BP hoster outage made a threat actor change hosting provider. LIA telemetry shows clear overlaps and enables continuous tracking. And also; dashboards have been updated showing data for 7, 14 and 30 days 📊
2024 Payload statistics (2024-05-01 - 2024-12-31) 📊 We observed 6599 tasks distributed by threat actors across the tracked botnets; resulting in 34538 unique payloads. Top families: 1. #StealC 2. #Amadey 3. #Socks5Systemz 4. #VidarStealer 5. #LummaStealer More stats to come!
Payload statistics from January 2025 📊 We observed 702 tasks distributed by threat actors across the tracked botnets. This resulted in 4172 unique payloads. Top families: 1. #Amadey 2. #StealC 3. #GCleaner 4. #Cryptbot 5. #LummaStealer Unpacking & detection: @unpacme
Payload statistics from December 2024 📊 We observed 465 tasks distributed by threat actors across the tracked botnets. This resulted in 3180 unique payloads. Top families: 1. #Amadey 2. #StealC 3. #CryptBot 4. #GCleaner 5. #LummaStealer Unpacking & detection: @unpacme
Payload statistics from November 2024 📊 We observed 404 tasks distributed by threat actors across the tracked botnets. This resulted in 2801 unique payloads. Top families: 1. #StealC 2. #Amadey 3. #Lumma 4. #Tofsee 5. #VidarStealer Unpacking & detection: @unpacme
We are excited to announce that the #OpenCTI connector for the LIA File Feed just got merged into the master branch! This gives you direct access to full context IOCs directly in your OpenCTI platform. Check it out: github.com/OpenCTI-Platform/…
1/2 Payload statistics from October 2024 📊 We observed 373 tasks distributed by threat actors across the tracked botnets. This resulted in 4510 unique payloads. Top families: 1. #StealC 2. #Lumma 3. #Amadey 4. #VidarStealer 5. #SmokeLoader Unpacking & detection: @unpacme
2/2 The monthly statistics are also available in our most recent LIA Cable. Read our interpretation of the monthly statistics and other observations during the period, such as a possible reason behind the decrease in tasks and increase in payloads from September.