{ "type": "MD5", "indicator": "a9701b8d65c2124a94de23d13ef81449", "general": { "sections": [ "general", "analysis" ], "type": "md5", "type_title": "FileHash-MD5", "indicator": "a9701b8d65c2124a94de23d13ef81449", "validation": [], "base_indicator": { "id": 3937424485, "indicator": "a9701b8d65c2124a94de23d13ef81449", "type": "FileHash-MD5", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "67768389d9fecc480a55978b", "name": "Usage of the LegionLoader malware to Steal Credentials", "description": "LegionLoader malware evolves, posing significant cybersecurity threats.", "modified": "2025-01-02T12:16:09.844000", "created": "2025-01-02T12:16:09.844000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 483, "FileHash-SHA1": 16, "FileHash-SHA256": 16, "URL": 43, "domain": 24 }, "indicator_count": 582, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "513 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "66b5275303099746ff50f5b3", "name": "ACTIVIDAD MALICIOSA | Relacionada con Stealc 08-08-2024", "description": "Stealc es un malware dise\u00f1ado para robar informaci\u00f3n y se enfoca en una amplia variedad de datos asociados a navegadores, software de mensajer\u00eda, monederos de criptomonedas y otras aplicaciones y extensiones. Creado bas\u00e1ndose en otros stealers como Vidar, Raccoon, Mars y RedLine, Stealc est\u00e1 en desarrollo activo, con nuevas variantes siendo publicadas regularmente por sus desarrolladores. Este programa malicioso tiene como objetivo extraer datos de m\u00e1s de veinte navegadores, incluyendo historiales de navegaci\u00f3n, credenciales de inicio de sesi\u00f3n, y datos financieros.", "modified": "2024-08-08T20:15:15.428000", "created": "2024-08-08T20:15:15.428000", "tags": [ "indicador", "discovery", "ta0006", "ta0007", "ta0008", "t1003", "os credential", "dumping", "t1005", "t1007", "system service" ], "references": [ "https://www.virustotal.com/graph/embed/g2f95794259c54feab106125257b41f8ab48dbad711a24948bfd8fedbfd155c87?theme=light", "https://darfe.es/ciberwiki/index.php?title=Stealc", "https://www.alertasyseguridad.net/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Stealc", "display_name": "Stealc", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 246, "FileHash-SHA1": 246, "FileHash-SHA256": 246 }, "indicator_count": 738, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "660 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/graph/embed/g2f95794259c54feab106125257b41f8ab48dbad711a24948bfd8fedbfd155c87?theme=light", "https://www.alertasyseguridad.net/repositorio-ioc/", "https://darfe.es/ciberwiki/index.php?title=Stealc" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Stealc" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "67768389d9fecc480a55978b", "name": "Usage of the LegionLoader malware to Steal Credentials", "description": "LegionLoader malware evolves, posing significant cybersecurity threats.", "modified": "2025-01-02T12:16:09.844000", "created": "2025-01-02T12:16:09.844000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 483, "FileHash-SHA1": 16, "FileHash-SHA256": 16, "URL": 43, "domain": 24 }, "indicator_count": 582, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "513 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "66b5275303099746ff50f5b3", "name": "ACTIVIDAD MALICIOSA | Relacionada con Stealc 08-08-2024", "description": "Stealc es un malware dise\u00f1ado para robar informaci\u00f3n y se enfoca en una amplia variedad de datos asociados a navegadores, software de mensajer\u00eda, monederos de criptomonedas y otras aplicaciones y extensiones. Creado bas\u00e1ndose en otros stealers como Vidar, Raccoon, Mars y RedLine, Stealc est\u00e1 en desarrollo activo, con nuevas variantes siendo publicadas regularmente por sus desarrolladores. Este programa malicioso tiene como objetivo extraer datos de m\u00e1s de veinte navegadores, incluyendo historiales de navegaci\u00f3n, credenciales de inicio de sesi\u00f3n, y datos financieros.", "modified": "2024-08-08T20:15:15.428000", "created": "2024-08-08T20:15:15.428000", "tags": [ "indicador", "discovery", "ta0006", "ta0007", "ta0008", "t1003", "os credential", "dumping", "t1005", "t1007", "system service" ], "references": [ "https://www.virustotal.com/graph/embed/g2f95794259c54feab106125257b41f8ab48dbad711a24948bfd8fedbfd155c87?theme=light", "https://darfe.es/ciberwiki/index.php?title=Stealc", "https://www.alertasyseguridad.net/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Stealc", "display_name": "Stealc", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 246, "FileHash-SHA1": 246, "FileHash-SHA256": 246 }, "indicator_count": 738, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "660 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "a9701b8d65c2124a94de23d13ef81449", "type": "Hash" }, "abuseipdb": null, "urlhaus": { "indicator": "a9701b8d65c2124a94de23d13ef81449", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780226156.4378414 }