Campaign uses infostealers and clippers for financial gain
AlienVault, published 2024-08-16, modified 2024-09-15. TLP: WHITE. 53 IOCs.
Kaspersky has uncovered a complex malware campaign orchestrated by Russian-speaking cybercriminals. The threat actors create sub-campaigns mimicking legitimate projects, using social media to enhance credibility. They host initial downloaders on Dropbox to deliver infostealers like Danabot and StealC, as well as clippers. In addition to distributing malware, the campaigns trick victims into providing credentials and linking cryptocurrency wallets to drain funds. The analysis covers three active sub-campaigns involving multistage malware, process injection, and various evasion techniques.
Indicators of Compromise (2 / 53 total)
Type          | Indicator                                | Description                                                               | Created
------------- | ---------------------------------------- | ------------------------------------------------------------------------- | ----------
FileHash-SHA1 | 19d399bd72ad9dfb80cc4952e025c448849533ab | SHA1 of 142b8d0080db24246615059e4badf439f68c2b219c68c7ac7f4d2fc81f5bb9c2 | 2024-08-16
FileHash-SHA1 | 3e0c1d1408d817a64a219b2c52b39f50dc3e8f7a | SHA1 of bafa7dbe2a5df97c8574824abd2ae78ffa0991f916e72debc9fc65e593ec2ee8 | 2024-08-16