URL: https://otx.alienvault.com/pulse/624e9a5856228defc690869e
Submission: On April 07 via api from US — Scanned from DE
FFDROIDER STEALER TARGETING SOCIAL MEDIA PLATFORM ZSCALER
Created 1 hour ago by AlienVault. Public. TLP: White.

Credential-stealing malware is commonly observed in today's cyber attack landscape. The Zscaler ThreatLabz team has discovered many new types of stealer malware across different attack campaigns. Stealers are malicious programs that threat actors use to collect sensitive information through various techniques, including keylogging, cookie stealing, and sending the stolen information to a command and control server. Recently, ThreatLabz identified a novel Windows-based malware that creates a registry key named FFDroider. Based on this observation, ThreatLabz named the new malware Win32.PWS.FFDroider. Designed to send stolen credentials and cookies to a command and control server, FFDroider disguises itself on victims' machines to look like the instant messaging application "Telegram".

Reference: https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users
Tags: cobalt strike, stealer, FFDroider
Malware Families: FFDroider, Cobalt Strike
Att&ck IDs: T1003 - OS Credential Dumping, T1005 - Data from Local System, T1016 - System Network Configuration Discovery, T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1057 - Process Discovery, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1027.002 - Software Packing
Indicators of Compromise (7). Related Pulses (4). Comments (0). History (0).
Types of indicators: IPv4 (2), Hostname (1), FileHash-MD5 (2), FileHash-SHA256 (1), FileHash-SHA1 (1).
Threat infrastructure: Russia (1), Belize (1).

| Type | Indicator | Role | Title | Added | Related Pulses |
|---|---|---|---|---|---|
| hostname | download.studymathlive.com | | | Apr 7, 2022, 8:01:29 AM | 2 |
| FileHash-MD5 | 6a235ccfd5dd5e47d299f664d03652b7 | | | Apr 7, 2022, 8:01:29 AM | 2 |
| FileHash-SHA256 | 94031fe0fbda71abdfa4f51c370d0da17deae7578549a81335dfbb446f75c474 | trojan | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 2 |
| FileHash-SHA1 | d007e52aa93034a54b2f8167e3bcdcff8a65a63d | trojan | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 2 |
| FileHash-MD5 | beb93a48eefd9be5e5664754e9c6f175 | trojan | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 2 |
| IPv4 | 186.2.171.17 | command_and_control | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 3 |
| IPv4 | 152.32.228.19 | command_and_control | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 34 |