← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The GlorySprout or a Failed Clone of Taurus Stealer
WHITE Taurus CyberHunter_NL 2024-03-20 Modified: 2024-04-19
9
IOCs
LOW VOLUME
The GlorySprout stealer appeared on the XSS forum in March 2024, and it is believed to be a clone of Taurus Stealer, which was first offered for sale in 2020.
taurus stealerglorysproutrc4 keyc2 serverpost requestgraboutpost24tempzip archiveappdataantivmprojectaprilpredatorcomspecpythonatomicexodusbitcoinautoruntaurus
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Predator Taurus
Indicators of Compromise (9)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 3952a294b831e8738f70c2caea5e0559 2024-03-20
FileHash-MD5 d295c4f639d581851aea8fbcc1ea0989 MD5 of 8996c252fc41b7ec0ec73ce814e84136be6efef898822146c25af2330f4fd04a 2024-03-20
FileHash-SHA1 0cc91f5248ee5b730e79e3d0e517534bd15932d9 SHA1 of 8996c252fc41b7ec0ec73ce814e84136be6efef898822146c25af2330f4fd04a 2024-03-20
FileHash-SHA256 8996c252fc41b7ec0ec73ce814e84136be6efef898822146c25af2330f4fd04a 2024-03-20
URL https://fumik0.com/2019/12/25/lets-play-again-with-predator-the-thief/ 2024-03-20
URL https://outpost24.com/blog/an-in-depth-analysis-of-the-new-taurus-stealer/ 2024-03-20
YARA 04cdb07942e30d22473572dacaf4dcfc5859535a Detects GlorySprout Stealer 2024-03-20
domain fumik0.com 2024-03-20
domain outpost24.com 2024-03-20
References (1)
↗ https://russianpanda.com/2024/03/16/The-GlorySprout-Stealer-or-a-Failed-Clone-of-Taurus-Stealer/