We are excited to announce that the #OpenCTI connector for the LIA File Feed just got merged into the master branch!
This gives you direct access to full context IOCs directly in your OpenCTI platform.
Check it out: https://t.co/V6tgtLyqnb
Our latest feature is out: Context Graph!
Visualize and pivot on botnet tasks, payloads, domains and IPs
---
In addition, we created a new Botnet View to provide more details on botnets
---
And finally; added tracking for our 10th family 🕵️
Read more on our insights blog!
@500mk500 One of these vendors informed us that they mistakenly flagged the domains due to ingestion from a trusted source. We have been in contact with multiple vendors who have since removed their classification.
@500mk500 Unfortunately we cannot see the screenshot due to age-restricted content, you are welcome to send us a DM to discuss further.
The domains have been removed from the Maltrail blacklist.
LIA 🤝 Malcat
We are happy to announce that LIA has partnered with Malcat to strengthen payload detections using Kesakode!
Malcat also provides a LIA Threat Intelligence plugin for SHA256 lookups and sample downloads!
Read more on: https://t.co/xEJpinmfWV
📢 Major Update for LIA! 📢
After many long hours we can finally announce that a brand new BARE METAL sandbox environment has been deployed. No VMs, no hypervisors, real hardware!
All downloaded payloads are executed, and logs are searchable
https://t.co/NqgQqbTmeg
Payload statistics for September 2025
We observed 554 tasks distributed by threat actors across the tracked botnets. This resulted in 1897 unique payloads.
Top families:
1. #GCleaner
2. #Amadey
3. #LummaStealer
4. #StealC
5. #CredentialFlusher
Unpacking & detection: @unpacme
🛠️ Busy weekend for LIA:
+ Backend improvements, web and API interfaces are now much more responsive
+ Added tracking for a "small" loader
We are also working on some new features to provide additional insights. Stay tuned for the announcement!
Payload statistics from July 2025
We observed 625 tasks distributed by threat actors across the tracked botnets. This resulted in 2367 unique payloads.
Top families:
1. #GCleaner
2. #Amadey
3. #LummaStealer
4. #NirSoftNirCmd
5. #QuasarRAT
Unpacking & detection: @unpacme
Payload statistics from May 2025
We observed 772 tasks distributed by threat actors across the tracked botnets. This resulted in 2040 unique payloads.
Top families:
1. #GCleaner
2. #LummaStealer
3. #NirSoftNirCmd
4. #Amadey
5. #Xworm
Unpacking & detection: @unpacme
On May 1st LIA turned 1 year 🥳
The first official task was from an Amadey botnet to download & execute Lumma Stealer: https://t.co/zCehjYTUBC
LIA has since received >9300 tasks from botnets, netting 51327 payloads.
Big thanks to everyone who has contributed to the project!
Payload statistics from April 2025
We observed 687 tasks distributed by threat actors across the tracked botnets. This resulted in 3283 unique payloads.
Top families:
1. #GCleaner
2. #Amadey
3. #LummaStealer
4. #Xworm
5. #QuasarRAT
Unpacking & detection: @unpacme
Payload statistics from March 2025
We observed 656 tasks distributed by threat actors across the tracked botnets. This resulted in 4718 unique payloads.
Top families:
1. #GCleaner
2. #StealC
3. #Amadey
4. #LummaStealer
5. #Xworm
Unpacking & detection: @unpacme
New intel cable posted! 🕵️‍♂️ (Login required)
Read how a (suspected) BP hoster outage made a threat actor change hosting provider. LIA telemetry shows clear overlaps and enables continuous tracking.
And also; dashboards have been updated showing data for 7, 14 and 30 days
2024 Payload statistics (2024-05-01 - 2024-12-31)
We observed 6599 tasks distributed by threat actors across the tracked botnets; resulting in 34538 unique payloads.
Top families:
1. #StealC
2. #Amadey
3. #Socks5Systemz
4. #VidarStealer
5. #LummaStealer
More stats to come!
Payload statistics from January 2025
We observed 702 tasks distributed by threat actors across the tracked botnets. This resulted in 4172 unique payloads.
Top families:
1. #Amadey
2. #StealC
3. #GCleaner
4. #Cryptbot
5. #LummaStealer
Unpacking & detection: @unpacme
Payload statistics from December 2024
We observed 465 tasks distributed by threat actors across the tracked botnets. This resulted in 3180 unique payloads.
Top families:
1. #Amadey
2. #StealC
3. #CryptBot
4. #GCleaner
5. #LummaStealer
Unpacking & detection: @unpacme
Payload statistics from November 2024
We observed 404 tasks distributed by threat actors across the tracked botnets. This resulted in 2801 unique payloads.
Top families:
1. #StealC
2. #Amadey
3. #Lumma
4. #Tofsee
5. #VidarStealer
Unpacking & detection: @unpacme