PULSE NAME
MaaS Appeal: An Infostealer Rises From The Ashes.
WHITE PetrP.73 2025-07-31 Modified: 2025-07-31
30 IOCs, MEDIUM VOLUME
NOVABLIGHT is a sophisticated NodeJS-based infostealer marketed as a Malware-as-a-Service (MaaS) offering primarily focused on stealing user credentials and compromising cryptocurrency wallets. It is the product of a French-speaking threat actor group known as Sordeal Group, which has also released other malware such as Nova Sentinel and MALICORD. The infrastructure supporting NOVABLIGHT leverages Telegram and Discord for sales, licensing, and community interaction, with licenses offered for durations between one and twelve months.
Indicators of Compromise (4 / 30 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA256 39f09771d70e96c7b760b3b6a30a015ec5fb6a9dd5bc1e2e609ddf073c2c853d 2025-07-31
FileHash-SHA256 97393c27195c58f8e4acc9312a4c36818fe78f2ddce7ccba47f77a5ca42eab65 2025-07-31
FileHash-SHA256 d806d6b5811965e745fd444b8e57f2648780cc23db9aa2c1675bc9d18530ab73 2025-07-31
FileHash-SHA256 ed164ee2eacad0eea9dc4fbe271ee2b2387b59929d73c843281a8d5e94c05d64 2025-07-31