Pulse Detail — Threat Intelligence

PULSE NAME

RisePro stealer targets Github users in “gitgub” campaign

WHITE RisePro AlienVault 2024-03-15 Modified: 2024-04-14

IOCs

LOW VOLUME

A new campaign called gitgub is distributing the RisePro information stealer through malicious GitHub repositories. The campaign has already exfiltrated over 700 stolen data archives to Telegram channels. RisePro uses obfuscation techniques like import hashing and virtualization to evade detection.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1071 T1140 T1036 T1055 T1112 T1070 T1027 T1056

MALWARE FAMILIES

RisePro

Indicators of Compromise (7)

All FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	059067376a6271fdead553b471ec899dec3662ec09bd5c3833911c87ea062e92	—	2024-03-15
FileHash-SHA256	0ff1e4724b5b02a034789e328531f04a660fd1bade2ad9e73c8b748e5f3e0753	—	2024-03-15
FileHash-SHA256	492a71bf56d2e89d0b9c5d70ed6c37acea89c8134fa5ba623bce74b3f0fb189e	—	2024-03-15
FileHash-SHA256	b0e194ed54bafa753bda5761c1264b67a5c438ee7a9ed624a83be913f037dcbb	—	2024-03-15
FileHash-SHA256	f52ba7d8a820d32c502c4aaef4bf9690fc0ca97b97c683b43057d82c06294257	—	2024-03-15
URL	https://digitalxnetwork.com/INSTALLER%20PA$$WORD%20GIT1HUB1FREE.rar	—	2024-03-15
domain	digitalxnetwork.com	—	2024-03-15

References (1)

↗ https://www.gdatasoftware.com/blog/2024/03/37885-risepro-stealer-campaign-github