IOC Radar
TLP:WHITE · 27 IOCs

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

Microsoft Threat Intelligence
Published June 24, 2026

Threat Actors

Malware Families

Diamond Model

Axes: Social, Technology
Adversary (1): Play
Infrastructure (6): http://svclsc.com/ms/…, http://spasopro.at/Ls…, http://roger99699.xyz…
Capability (6): Lumma, Play, Raccoon
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise (27)


IOC Relationship Graph

27 total IOCs. Node counts: SHA256 15, URL 12, Actors 1, Malware 5.
Labelled nodes: report "StealC and Amadey: Breakin" (label truncated), Play, Lumma, Play, Raccoon, RedLine, Stealc.