Merge pull request #920 from Delta-Sierra/main
Add Mars and Oski stealers
commit
270bc6fb7d
1 changed files with 61 additions and 1 deletions
|
@ -223,7 +223,67 @@
|
||||||
},
|
},
|
||||||
"uuid": "0266302b-52d3-44da-ab63-a8a6f16de737",
|
"uuid": "0266302b-52d3-44da-ab63-a8a6f16de737",
|
||||||
"value": "Sordeal-Stealer"
|
"value": "Sordeal-Stealer"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Mars stealer is an improved successor of Oski Stealer, supporting stealing from current browsers and targeting crypto currencies and 2FA plugins. Mars Stealer written in ASM/C using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secure SSL-connection with C&C, doesn’t use CRT, STD.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://malpedia.caad.fkie.fraunhofer.de/details/win.mars_stealer",
|
||||||
|
"https://3xp0rt.com/posts/mars-stealer/",
|
||||||
|
"https://cyberint.com/blog/research/mars-stealer/",
|
||||||
|
"https://isc.sans.edu/diary/rss/28468",
|
||||||
|
"https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468",
|
||||||
|
"https://blog.morphisec.com/threat-research-mars-stealer",
|
||||||
|
"https://cert.gov.ua/article/38606",
|
||||||
|
"https://www.malwarebytes.com/blog/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique",
|
||||||
|
"https://blog.sekoia.io/mars-a-red-hot-information-stealer/",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/",
|
||||||
|
"https://www.esentire.com/blog/fake-chrome-setup-leads-to-netsupportmanager-rat-and-mars-stealer",
|
||||||
|
"https://resources.infosecinstitute.com/topics/malware-analysis/mars-stealer-malware-analysis/",
|
||||||
|
"https://www.microsoft.com/en-us/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/",
|
||||||
|
"https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-mars-stealer",
|
||||||
|
"https://x-junior.github.io/malware%20analysis/2022/05/19/MarsStealer.html",
|
||||||
|
"https://www.kelacyber.com/information-stealers-a-new-landscape/",
|
||||||
|
"https://cyble.com/blog/fake-atomic-wallet-website-distributing-mars-stealer/",
|
||||||
|
"https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf",
|
||||||
|
"https://drive.google.com/file/d/14cmYxzowVLyuiS5qDGOKzgI2_vak2Fve/view",
|
||||||
|
"https://threatmon.io/mars-stealer-malware-analysis-2022/",
|
||||||
|
"https://threatmon.io/storage/mars-stealer-malware-analysis-2022.pdf",
|
||||||
|
"https://3xp0rt.com/posts/mars-stealer/forum.png"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "54b61c7e-8ced-4b90-a295-62102bfd4f32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"very-likely\""
|
||||||
|
],
|
||||||
|
"type": "successor-of"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"uuid": "64e51712-89d6-4c91-98ac-8907eafe98c6",
|
||||||
|
"value": "Mars Stealer"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "The Oski stealer is a malicious information stealer, which was first introduced in November 2019. As the name implies, the Oski stealer steals personal and sensitive information from its target. “Oski” is derived from an old Nordic word meaning Viking warrior, which is quite fitting considering this popular info-stealer is extremely effective at pillaging privileged information from its victims.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://malpedia.caad.fkie.fraunhofer.de/details/win.oski",
|
||||||
|
"https://twitter.com/albertzsigovits/status/1160874557454131200",
|
||||||
|
"https://www.bitdefender.com/blog/labs/",
|
||||||
|
"https://www.cyberark.com/resources/threat-research-blog/meet-oski-stealer-an-in-depth-analysis-of-the-popular-credential-stealer",
|
||||||
|
"https://medium.com/shallvhack/oski-stealer-a-credential-theft-malware-b9bba5164601",
|
||||||
|
"https://yoroi.company/en/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/",
|
||||||
|
"https://drive.google.com/file/d/1c72YIF6JYcEvbFZCrkZO26D9hC3gnyMP/view",
|
||||||
|
"https://www.rapid7.com/solutions/unified-mdr-xdr-vm/",
|
||||||
|
"https://3xp0rt.com/posts/mars-stealer/",
|
||||||
|
"https://cyberint.com/blog/research/mars-stealer/",
|
||||||
|
"https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "54b61c7e-8ced-4b90-a295-62102bfd4f32",
|
||||||
|
"value": "Oski Stealer"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 13
|
"version": 14
|
||||||
}
|
}
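Review bot: Several URLs in the new `refs` arrays are not references to analysis of the malware and should be replaced or dropped: in the Oski entry `https://www.bitdefender.com/blog/labs/` is a blog index and `https://www.rapid7.com/solutions/unified-mdr-xdr-vm/` is a product landing page, neither of which substantiates anything in the description. The two `drive.google.com/file/d/...` links (one in each entry) have no identifiable publisher and can be repointed or removed by their owner at any time, so an analyst resolving them later may fetch unrelated or malicious content; prefer the publishing vendor's URL or an archived copy. The Mars entry also lists the same ISC diary twice (`.../diary/rss/28468` and `.../diary/Arkei+Variants...28468`) and includes `https://3xp0rt.com/posts/mars-stealer/forum.png`, an image asset already covered by the post URL above it. The Mars description ("weight is 95 kb", "doesn't use CRT, STD") reads as the seller's forum advertisement rather than analyst-confirmed behaviour (the `forum.png` screenshot suggests that is its source); if kept verbatim it should be attributed as quoted seller claims, e.g. prefixed with `Per the seller's advertisement: ...`.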
|
||||||