otx.alienvault.com
13.32.121.87  Public Scan

URL: https://otx.alienvault.com/pulse/64355cc23117d2f24ba942f2
Submission: On April 11 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


ANALYSIS OF THE FIRST NUGET (.NET) MALICIOUS PACKAGE ATTACK

   
 * Created 1 hour ago by AlienVault
 * Public
 * TLP: White

Detailed analysis of the malicious payload “Impala Stealer”, a custom crypto
stealer used as the payload for a campaign of malicious NuGet packages.

Reference:
https://jfrog.com/blog/impala-stealer-malicious-nuget-package-payload/
Tags:
exodus, impala stealer, nuget, discord, javascript code, powershell
Malware Families:
Exodus Wallet, Impala
Att&ck IDs:
T1055 - Process Injection, T1195 - Supply Chain Compromise, T1070 - Indicator
Removal on Host, T1547 - Boot or Logon Autostart Execution, T1218 - Signed
Binary Proxy Execution, T1102 - Web Service, T1104 - Multi-Stage Channels,
T1059 - Command and Scripting Interpreter

Indicators of Compromise (2)

Hostname (2)

type | indicator | Added | related Pulses
hostname | manage.carasel.net | Apr 11, 2023, 1:12:35 PM | 2
hostname | anarchy.wrapper.net | Apr 11, 2023, 1:12:35 PM | 6

