add mars and oski stealers

This commit is contained in:
Delta-Sierra 2024-01-26 16:11:12 +01:00
parent 9f5554ab9f
commit 68cd2fca82

View file

@ -223,7 +223,67 @@
}, },
"uuid": "0266302b-52d3-44da-ab63-a8a6f16de737", "uuid": "0266302b-52d3-44da-ab63-a8a6f16de737",
"value": "Sordeal-Stealer" "value": "Sordeal-Stealer"
},
{
"description": "Mars stealer is an improved successor of Oski Stealer, supporting stealing from current browsers and targeting crypto currencies and 2FA plugins. Mars Stealer written in ASM/C using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secure SSL-connection with C&C, doesnt use CRT, STD.",
"meta": {
"refs": [
"https://malpedia.caad.fkie.fraunhofer.de/details/win.mars_stealer",
"https://3xp0rt.com/posts/mars-stealer/",
"https://cyberint.com/blog/research/mars-stealer/",
"https://isc.sans.edu/diary/rss/28468",
"https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468",
"https://blog.morphisec.com/threat-research-mars-stealer",
"https://cert.gov.ua/article/38606",
"https://www.malwarebytes.com/blog/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique",
"https://blog.sekoia.io/mars-a-red-hot-information-stealer/",
"https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/",
"https://www.esentire.com/blog/fake-chrome-setup-leads-to-netsupportmanager-rat-and-mars-stealer",
"https://resources.infosecinstitute.com/topics/malware-analysis/mars-stealer-malware-analysis/",
"https://www.microsoft.com/en-us/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/",
"https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-mars-stealer",
"https://x-junior.github.io/malware%20analysis/2022/05/19/MarsStealer.html",
"https://www.kelacyber.com/information-stealers-a-new-landscape/",
"https://cyble.com/blog/fake-atomic-wallet-website-distributing-mars-stealer/",
"https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf",
"https://drive.google.com/file/d/14cmYxzowVLyuiS5qDGOKzgI2_vak2Fve/view",
"https://threatmon.io/mars-stealer-malware-analysis-2022/",
"https://threatmon.io/storage/mars-stealer-malware-analysis-2022.pdf",
"https://3xp0rt.com/posts/mars-stealer/forum.png"
]
},
"related": [
{
"dest-uuid": "54b61c7e-8ced-4b90-a295-62102bfd4f32",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "successor-of"
}
],
"uuid": "64e51712-89d6-4c91-98ac-8907eafe98c6",
"value": "Mars Stealer"
},
{
"description": "The Oski stealer is a malicious information stealer, which was first introduced in November 2019. As the name implies, the Oski stealer steals personal and sensitive information from its target. “Oski” is derived from an old Nordic word meaning Viking warrior, which is quite fitting considering this popular info-stealer is extremely effective at pillaging privileged information from its victims.",
"meta": {
"refs": [
"https://malpedia.caad.fkie.fraunhofer.de/details/win.oski",
"https://twitter.com/albertzsigovits/status/1160874557454131200",
"https://www.bitdefender.com/blog/labs/",
"https://www.cyberark.com/resources/threat-research-blog/meet-oski-stealer-an-in-depth-analysis-of-the-popular-credential-stealer",
"https://medium.com/shallvhack/oski-stealer-a-credential-theft-malware-b9bba5164601",
"https://yoroi.company/en/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/",
"https://drive.google.com/file/d/1c72YIF6JYcEvbFZCrkZO26D9hC3gnyMP/view",
"https://www.rapid7.com/solutions/unified-mdr-xdr-vm/",
"https://3xp0rt.com/posts/mars-stealer/",
"https://cyberint.com/blog/research/mars-stealer/",
"https://isc.sans.edu/diary/Arkei+Variants%3A+From+Vidar+to+Mars+Stealer/28468"
]
},
"uuid": "54b61c7e-8ced-4b90-a295-62102bfd4f32",
"value": "Oski Stealer"
} }
], ],
"version": 13 "version": 14
} }