Amadey
Amadey is a botnet that appeared around October 2018 and is sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls the server for orders. Its main function is loading other payloads (called "tasks") onto all computers compromised by the malware or onto specifically targeted ones.
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Jun 3, 2026 | 4 |
| May 29, 2026 | 1 |
Further Reading
Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders.
Cybereason is following an active campaign to deliver multiple different types of malware to victims all over the world. This attack is able to steal data, mine for cryptocurrency, and in specific ...
Rapid7 has observed the Fake Browser Update lure utilizing a sophisticated new loader to execute infostealers.
The Splunk Threat Research Team shares a deep-dive analysis of the Amadey Trojan Stealer, an active and prominent malware that first emerged on the cybersecurity landscape in 2018 and has maintaine...
Cybersecurity: TA505, a very active threat actor, works differently than, for example, the group behind Emotet. Thomas Barabosch explains in his blog which tools are used here.
The main functionality of Amadey is to collect information about the infected host, steal data, and download malware.
Zscaler ThreatLabZ team is continually monitoring known threats to see if they re-appear in a different form.