3xp0rt

CryptBot is an information stealer distributed by fake cracked software, it is an advanced and mature operation providing many of the underground shops with its stolen credentials. Read the analysis here: https://fr3d.hk/blog/cryptbot-too-good-to-be-true … Thx2 @SteveD3 for the edits

#Octo Android banking #Trojan frequently mentioned on dark-web forums is in fact #ExobotCompact (#Coper) enhanced with On-Device Fraud capabilities and spread via Google Play Store. Read more details in our latest blog:https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html …

We also shared #IoCs, #YARA rules and a #Mars #Stealer C2 extractor in our Github repository https://github.com/SEKOIA-IO/Community/tree/main/IOCs/marsstealer …https://github.com/SEKOIA-IO/Community/blob/main/scripts/mars_stealer_c2_extractor.py …

#Mars #Stealer has recently gain in popularity among information stealers, we try to demystify its different versions and explain our tracking process in our article https://blog.sekoia.io/mars-a-red-hot-information-stealer … #Malware #Tracker

Our large #bitrat actors are back...still rolling with the creative c2 names.... bitratnew9200[.]duckdns[.]orghttps://app.any.run/tasks/bd0eae1d-a5cd-4355-821d-60744feb7c6e …

FLARE dropping tool bombs on github that I haven't seen mentioned around the place. Been waiting for this to go public so I could share some scripts I have to dump .Net functions generating yara rules #100daysofyarahttps://github.com/mandiant/dncil 

I'm taking advantage while I share the samples of the X86 version of #Hive V5 for sharing also the Yara rule at the same time. Samples: https://bazaar.abuse.ch/browse/tag/Hive/ … Yara : https://github.com/StrangerealIntel/Orion/blob/main/Ransomware/RAN_Hive_March_2021_2.yara … cc @BushidoToken @c3rb3ru5d3d53c @cPeterr @h2jazi @Amigo_A_