From fa8d0e35f684e48b177f3b198acbb5bad30740f9 Mon Sep 17 00:00:00 2001 From: raw-data Date: Fri, 6 Jul 2018 11:00:11 +0100 Subject: [PATCH] [add] x1 new entry in stealer.json - AZORult --- clusters/stealer.json | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/clusters/stealer.json b/clusters/stealer.json index 8fbf92c..23cedca 100644 --- a/clusters/stealer.json +++ b/clusters/stealer.json @@ -1,8 +1,8 @@ { "uuid": "f2ef4033-9001-4427-a418-df8c48e6d054", - "description": "A list of malware stealer.", + "name": "Stealer", "source": "Open Sources", - "version": 1, + "version": 2, "values": [ { "meta": { @@ -25,11 +25,24 @@ "description": "The first version stole browser credentials and cookies, along with all text files it can find on the system. The second variant added the ability to collect Telegram's desktop cache and key files, as well as login information for the video game storefront Steam.", "value": "TeleGrab", "uuid": "a6780288-24eb-4006-9ddd-062870c6feec" + }, + { + "meta": { + "date": "July 2018.", + "refs": [ + "https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan", + "https://blog.minerva-labs.com/analyzing-an-azorult-attack-evasion-in-a-cloak-of-multiple-layers", + "https://malware.lu/articles/2018/05/04/azorult-stealer.html" + ] + }, + "description": "It is able to steal accounts from different software, such as, Firefox password Internet Explorer/Edge Thunderbird Chrome/Chromium and many more. It is also able to (1) list all installed software, (2) list processes, (3) Get information about the machine name (CPU type, Graphic card, size of memory), (4) take screen captures, (5) Steal cryptomoney wallet from Electrum, MultiBit, monero-project, bitcoin-qt.", + "value": "AZORult", + "uuid": "a646edab-5c6f-4a79-8a6c-153535259e16" } ], "authors": [ "raw-data" ], "type": "stealer", - "name": "Stealer" + "description": "A list of malware stealer." }