143.204.98.16 Public Scan (otx.alienvault.com)

URL: https://otx.alienvault.com/pulse/624e9a5856228defc690869e
Submission: On April 07 via api from US — Scanned from DE


FFDROIDER STEALER TARGETING SOCIAL MEDIA PLATFORM ZSCALER

   
 * Created 1 hour ago by AlienVault
 * Public
 * TLP: White

Credential-stealing malware is commonly observed in today's cyber-attack
landscape. The Zscaler ThreatLabz team has discovered many new types of stealer
malware across different attack campaigns. Stealers are malicious programs that
threat actors use to collect sensitive information through various techniques,
including keylogging, cookie stealing, and sending the stolen information to a
command-and-control server. Recently, ThreatLabz identified a novel Windows-based
malware that creates a registry key named FFDroider. Based on this observation,
ThreatLabz named the new malware Win32.PWS.FFDroider. Designed to send stolen
credentials and cookies to a command-and-control server, FFDroider disguises
itself on victims' machines to look like the instant messaging application
"Telegram".

Reference:
https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users

Tags: cobalt strike, stealer, FFDroider

Malware Families: FFDroider, Cobalt Strike

ATT&CK IDs:
 * T1003 - OS Credential Dumping
 * T1005 - Data from Local System
 * T1016 - System Network Configuration Discovery
 * T1018 - Remote System Discovery
 * T1027 - Obfuscated Files or Information
 * T1027.002 - Software Packing
 * T1055 - Process Injection
 * T1057 - Process Discovery
 * T1082 - System Information Discovery
 * T1083 - File and Directory Discovery

 * Indicators of Compromise (7)
 * Related Pulses (4)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

IPv4 (2), Hostname (1), FileHash-MD5 (2), FileHash-SHA256 (1), FileHash-SHA1 (1)

THREAT INFRASTRUCTURE

Russia (1), Belize (1)

INDICATORS OF COMPROMISE (7 entries)

Type | Indicator | Role | Title | Added | Related Pulses
hostname | download.studymathlive.com | - | - | Apr 7, 2022, 8:01:29 AM | 2
FileHash-MD5 | 6a235ccfd5dd5e47d299f664d03652b7 | - | - | Apr 7, 2022, 8:01:29 AM | 2
FileHash-SHA256 | 94031fe0fbda71abdfa4f51c370d0da17deae7578549a81335dfbb446f75c474 | trojan | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 2
FileHash-SHA1 | d007e52aa93034a54b2f8167e3bcdcff8a65a63d | trojan | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 2
FileHash-MD5 | beb93a48eefd9be5e5664754e9c6f175 | trojan | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 2
IPv4 | 186.2.171.17 | command_and_control | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 3
IPv4 | 152.32.228.19 | command_and_control | Win32/Masson | Apr 7, 2022, 8:01:29 AM | 34



 * © Copyright 2022 AlienVault, Inc.