Christoffer S. · @cstromblad
1104 followers · 1260 posts · Server ioc.exchange

Rhadamanthys Stealer has its own web, had missed that completely.

Yet one more sign that the Stealer market is growing, maturing and becoming an increasingly professional and important part of the ecosystem.

#threatintelligence #stealer #credentialstealer #malware

Last updated 1 year ago

Just Another Blue Teamer · @LeeArchinal
71 followers · 123 posts · Server ioc.exchange

everyone! This week I will wrap up with a from ThreatMon and their coverage of the . They provide technical analysis of the and describe some of its behaviors! Enjoy and Happy Hunting!

Zaraza Bot: The New Russian Credential Stealer
threatmon.io/wp-content/upload

Notable MITRE ATT&CK TTPs:
TA0009 - Collection:
T1005 - Data from Local System
T1113 - Screen Capture
T1119 - Automated Collection
T1074.001 - Data Staged: Local Data Staging

TA0011 - Command and Control
T1071 - Application Layer Protocol
T1537 - Encrypted Channel

#happyfriday #readoftheday #zarazabot #credentialstealer #cybersecurity #itsecurity #infosec #blueteam #threatintel #threathunting #ThreatDetection #happyhunting

Last updated 1 year ago

Christoffer S. · @cstromblad
1034 followers · 994 posts · Server ioc.exchange

Any thoughts on how many Credential Stealer families rely on using the Telegram API Bot endpoint for exfiltrating / copying information from infected devices?

Trying to assess the potential for leveraging that observation for some simple detection rules of potential stealer infections.

Any hot takes?


#threatintel #detectionengineering #credentialstealer

Last updated 2 years ago
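One way to turn the observation in the post above into a first-pass detection, as an added example that is not part of the original post or any stealer report: parse outbound proxy logs, pick out requests whose path has the Telegram Bot API shape (`/bot<bot_id>:<secret>/<method>`), and raise an alert only when a host uses a method that uploads data (sendDocument, sendMessage, sendPhoto), so a plain `getMe` status check does not fire on its own. The key=value log format, the bot IDs and the log lines are all constructed for this example; the allow-list parameter is there because legitimate internal Telegram bots exist and must be excluded before this is useful.

```python
"""Flag hosts that upload data through the Telegram Bot API.

Added example for the detection idea in the post above, not code from any
stealer analysis. The proxy log format and every sample line are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

# Bot API requests look like https://api.telegram.org/bot<bot_id>:<secret>/<method>.
# The bot_id is numeric; the secret part is alphanumeric plus '_' and '-'.
BOT_CALL = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)

# Methods that move data from the infected host toward the bot operator.
UPLOAD_METHODS = frozenset({"sendDocument", "sendMessage", "sendPhoto"})

# key=value proxy log format assumed for this example (constructed).
KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines: one host uploads a large file and a message to a
# bot, another host only checks bot status, a third is unrelated traffic.
SAMPLE_LOGS = [
    "2024-01-01T10:00:01Z src=10.0.0.5 method=POST host=api.telegram.org "
    "path=/bot123456789:AAExampleSecretPart_NotARealToken01/sendDocument "
    "status=200 bytes=482113",
    "2024-01-01T10:00:05Z src=10.0.0.7 method=GET host=api.telegram.org "
    "path=/bot987654321:BBExampleSecretPart_NotARealToken02/getMe "
    "status=200 bytes=310",
    "2024-01-01T10:00:09Z src=10.0.0.9 method=GET host=www.example.com "
    "path=/index.html status=200 bytes=5120",
    "2024-01-01T10:00:12Z src=10.0.0.5 method=POST host=api.telegram.org "
    "path=/bot123456789:AAExampleSecretPart_NotARealToken01/sendMessage "
    "status=200 bytes=900",
]


@dataclass
class BotCall:
    src: str
    bot_id: str
    method: str
    bytes_out: int


@dataclass
class Alert:
    src: str
    bot_id: str
    methods: List[str] = field(default_factory=list)
    bytes_out: int = 0


def parse_line(line: str) -> Optional[BotCall]:
    """Return a BotCall for a Telegram Bot API request, else None."""
    fields = dict(KV.findall(line))
    if fields.get("host") != "api.telegram.org":
        return None
    m = BOT_CALL.match(fields.get("path", ""))
    if not m:
        return None
    return BotCall(
        src=fields.get("src", "?"),
        bot_id=m["bot_id"],
        method=m["method"],
        bytes_out=int(fields.get("bytes", "0")),
    )


def detect(lines: Iterable[str],
           allowed_bot_ids: FrozenSet[str] = frozenset()) -> List[Alert]:
    """One Alert per (src, bot_id) pair that used an upload method.

    Bot IDs in allowed_bot_ids (known internal bots) are skipped entirely;
    hosts that only call status methods such as getMe are not alerted.
    """
    seen: Dict[Tuple[str, str], Alert] = {}
    for line in lines:
        call = parse_line(line)
        if call is None or call.bot_id in allowed_bot_ids:
            continue
        key = (call.src, call.bot_id)
        alert = seen.setdefault(key, Alert(call.src, call.bot_id))
        alert.methods.append(call.method)
        alert.bytes_out += call.bytes_out
    return [a for a in seen.values() if UPLOAD_METHODS & set(a.methods)]


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(f"{a.src} -> bot {a.bot_id}: {a.methods}, {a.bytes_out} bytes out")
```

On the sample lines this flags only 10.0.0.5, which sent sendDocument and sendMessage calls (483013 bytes out in total); 10.0.0.7 is not reported because getMe alone is a weak signal. Passing `allowed_bot_ids={"123456789"}` suppresses the alert, which is the knob to tune against known legitimate bot usage before deploying anything like this.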

Strömblad · @nopatience
139 followers · 127 posts · Server swecyb.com

Noticed a few days ago that a cybercriminal marketplace has started including login credentials from Android apps.

Haven't had time to dig into it much, but it is worrying considering how many long-lived sessions exist in our corporate apps.

What do you think?

@threatintel

#credentialstealer #android #threatintel

Last updated 2 years ago

ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.online

Threat Spotlight: Solarmarker - By Andrew Windsor, with contributions from Chris Neal.

Executive summary Cisco Tal... feedproxy.google.com/~r/feedbu

#threats #securex #credentialstealer

Last updated 3 years ago

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online

Loda RAT Grows Up - By Chris Neal. Over the past several months, Cisco Talos has observed a malware campaign that utilize... more: feedproxy.google.com/~r/feedbu

#rat #rats #autoit #malware #threatresearch #credentialstealer

Last updated 5 years ago