Striker
Striker is a cybercrime operator associated with the Striker C2 framework. According to the reporting, the operator has expanded from deploying the Striker C2 framework into trojanized software distribution using signed RustDesk payloads. Breakglass Intelligence linked infrastructure used in a trojanized Microsoft Teams installer campaign to the previously identified GeorgeGinx/Striker operator through shared EvoXT hosting, a TLS certificate for calipology[.]com, and overlap with the "calipology" Telegram attribution. The campaign used MSTeamsSetup.exe, a trojanized Microsoft Teams installer that delivered a weaponized RustDesk remote access client, with mon.systemautoupdater[.]com (resolving to 23.27.141[.]44) as active command-and-control infrastructure. The malware sample was signed with a suspicious Certum-issued code-signing certificate for "Zlatin Stamatov," which the reporting assesses as likely stolen or fraudulently obtained. The host at 23.27.141[.]44 exposed multiple services, including FTP, SSH, Apache/nginx web services, and a Python-hosted "Trading Bots Management" panel on port 3004, suggesting broader criminal activity beyond remote access malware distribution. Known aliases and linked names include Striker, GeorgeGinx, and the "calipology" handle.
Observables
12 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting.
Recent activity
1 source tracked across advisories, community write-ups, and news.