{
  "type": "URL",
  "indicator": "https://master.volt-texs.online/postovoy/RANDOM_STRING",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://master.volt-texs.online/postovoy/RANDOM_STRING",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4005461767,
      "indicator": "https://master.volt-texs.online/postovoy/RANDOM_STRING",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "6737903e6525119b13ae7cea",
          "name": "ClickFix Phishing Campaign Delivers New Infostealer",
          "description": "Gen Digital has uncovered a new infostealer, Glove Stealer, distributed via a phishing campaign using malicious HTML attachments that leverage the ClickFix technique. The campaign employs PowerShell scripts to download and execute its payload, exfiltrating sensitive data such as credentials, browser data, and cryptocurrency wallets. The stealer uses a separate module to bypass Chrome's App-Bound encryption. This campaign highlights a significant risk, requiring robust phishing awareness, layered security controls, and proactive threat hunting to mitigate potential compromises.",
          "modified": "2024-11-15T18:17:34.903000",
          "created": "2024-11-15T18:17:34.903000",
          "tags": [],
          "references": [
            "https://www.gendigital.com/blog/news/innovation/glove-stealer"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Glove",
              "display_name": "Glove",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1115",
              "name": "Clipboard Data",
              "display_name": "T1115 - Clipboard Data"
            },
            {
              "id": "T1041",
              "name": "Exfiltration Over C2 Channel",
              "display_name": "T1041 - Exfiltration Over C2 Channel"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1566.001",
              "name": "Spearphishing Attachment",
              "display_name": "T1566.001 - Spearphishing Attachment"
            },
            {
              "id": "T1059.001",
              "name": "PowerShell",
              "display_name": "T1059.001 - PowerShell"
            },
            {
              "id": "T1555.003",
              "name": "Credentials from Web Browsers",
              "display_name": "T1555.003 - Credentials from Web Browsers"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 26,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "eric.ford",
            "id": "42510",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 3,
            "URL": 9,
            "hostname": 2
          },
          "indicator_count": 14,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 130,
          "modified_text": "561 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "673724211070a01393c874f3",
          "name": "Gen Blogs | Glove Stealer: Leveraging IElevator to Bypass App-Bound Encryption & Steal Sensitive Data",
          "description": "A security researcher has identified a new type of malware, known as Glove Stealer, which tries to steal sensitive data from browser extensions and locally installed software, the BBC's Jan Rub\u00edn reports.",
          "modified": "2024-11-15T10:36:17.182000",
          "created": "2024-11-15T10:36:17.182000",
          "tags": [
            "glove stealer",
            "chrome",
            "c server",
            "md5 hash",
            "serialnumber",
            "profile",
            "lastpass",
            "post request",
            "id set",
            "firefox",
            "steam",
            "specialfolder",
            "rub\u00edn senior",
            "glove"
          ],
          "references": [
            "https://www.gendigital.com/blog/news/innovation/glove-stealer"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "SpecialFolder",
              "display_name": "SpecialFolder",
              "target": null
            },
            {
              "id": "Rub\u00edn Senior",
              "display_name": "Rub\u00edn Senior",
              "target": null
            },
            {
              "id": "Glove",
              "display_name": "Glove",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1115",
              "name": "Clipboard Data",
              "display_name": "T1115 - Clipboard Data"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 3,
            "URL": 5,
            "hostname": 2
          },
          "indicator_count": 10,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 862,
          "modified_text": "561 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.gendigital.com/blog/news/innovation/glove-stealer"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Glove",
            "Rub\u00edn senior",
            "Specialfolder"
          ],
          "industries": [],
          "unique_indicators": 14
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/volt-texs.online",
    "whois": "http://whois.domaintools.com/volt-texs.online",
    "domain": "volt-texs.online",
    "hostname": "master.volt-texs.online"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "6737903e6525119b13ae7cea",
      "name": "ClickFix Phishing Campaign Delivers New Infostealer",
      "description": "Gen Digital has uncovered a new infostealer, Glove Stealer, distributed via a phishing campaign using malicious HTML attachments that leverage the ClickFix technique. The campaign employs PowerShell scripts to download and execute its payload, exfiltrating sensitive data such as credentials, browser data, and cryptocurrency wallets. The stealer uses a separate module to bypass Chrome's App-Bound encryption. This campaign highlights a significant risk, requiring robust phishing awareness, layered security controls, and proactive threat hunting to mitigate potential compromises.",
      "modified": "2024-11-15T18:17:34.903000",
      "created": "2024-11-15T18:17:34.903000",
      "tags": [],
      "references": [
        "https://www.gendigital.com/blog/news/innovation/glove-stealer"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Glove",
          "display_name": "Glove",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1115",
          "name": "Clipboard Data",
          "display_name": "T1115 - Clipboard Data"
        },
        {
          "id": "T1041",
          "name": "Exfiltration Over C2 Channel",
          "display_name": "T1041 - Exfiltration Over C2 Channel"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1176",
          "name": "Browser Extensions",
          "display_name": "T1176 - Browser Extensions"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1566.001",
          "name": "Spearphishing Attachment",
          "display_name": "T1566.001 - Spearphishing Attachment"
        },
        {
          "id": "T1059.001",
          "name": "PowerShell",
          "display_name": "T1059.001 - PowerShell"
        },
        {
          "id": "T1555.003",
          "name": "Credentials from Web Browsers",
          "display_name": "T1555.003 - Credentials from Web Browsers"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 26,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "eric.ford",
        "id": "42510",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 3,
        "URL": 9,
        "hostname": 2
      },
      "indicator_count": 14,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 130,
      "modified_text": "561 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "673724211070a01393c874f3",
      "name": "Gen Blogs | Glove Stealer: Leveraging IElevator to Bypass App-Bound Encryption & Steal Sensitive Data",
      "description": "A security researcher has identified a new type of malware, known as Glove Stealer, which tries to steal sensitive data from browser extensions and locally installed software, the BBC's Jan Rub\u00edn reports.",
      "modified": "2024-11-15T10:36:17.182000",
      "created": "2024-11-15T10:36:17.182000",
      "tags": [
        "glove stealer",
        "chrome",
        "c server",
        "md5 hash",
        "serialnumber",
        "profile",
        "lastpass",
        "post request",
        "id set",
        "firefox",
        "steam",
        "specialfolder",
        "rub\u00edn senior",
        "glove"
      ],
      "references": [
        "https://www.gendigital.com/blog/news/innovation/glove-stealer"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "SpecialFolder",
          "display_name": "SpecialFolder",
          "target": null
        },
        {
          "id": "Rub\u00edn Senior",
          "display_name": "Rub\u00edn Senior",
          "target": null
        },
        {
          "id": "Glove",
          "display_name": "Glove",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1115",
          "name": "Clipboard Data",
          "display_name": "T1115 - Clipboard Data"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 3,
        "URL": 5,
        "hostname": 2
      },
      "indicator_count": 10,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 862,
      "modified_text": "561 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://master.volt-texs.online/postovoy/RANDOM_STRING",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://master.volt-texs.online/postovoy/RANDOM_STRING",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780170452.2710085
}