Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:14:12 UTC
Home > List all groups > List all tools > List all groups using tool Kelihos
 Tool: Kelihos
Names
Kelihos
Waledac
Hlux
Category Malware
Type Botnet, Downloader
Description
(CrowdStrike) For several years, pump-and-dump stock scams, dating ruses, credential
phishing, money mule recruitment and rogue online pharmacy advertisements were the most
common spam themes. In 2017, however, Kelihos was frequently used to spread other
malware such as Luminosity RAT, Zyklon HTTP, Neutrino, Nymaim, Gozi ISFB, Zeus Panda,
Kronos, and TrickBot. It was also observed spreading ransomware families including Shade,
Cerber, and FileCrypt2.
Information
Malpedia
Last change to this tool card: 16 May 2020
Download this tool card in JSON format
All groups using tool Kelihos
Changed Name Country Observed
Other groups
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=249447a1-e003-487a-a089-4d79aa1cde84
Page 1 of 2

Zombie Spider 2010-Jun 2021
1 group listed (0 APT, 1 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=249447a1-e003-487a-a089-4d79aa1cde84
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=249447a1-e003-487a-a089-4d79aa1cde84
Page 2 of 2