[ADD] x2 new info/pwd stealers - Nocturnal Stealer, TeleGrab

2018-06-01 15:59:25 +01:00 · 2018-06-01 15:59:25 +01:00 · 388a2b25b3
parent 13be3273c4
commit 388a2b25b3
1 changed files with 35 additions and 0 deletions
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@ -0,0 +1,35 @@
+{
+  "uuid": "f2ef4033-9001-4427-a418-df8c48e6d054",
+  "description": "A list of malware stealer.",
+  "source": "Open Sources",
+  "version": 1,
+  "values": [
+    {
+      "meta": {
+        "date": "March 2018.",
+        "refs": [
+          "https://www.proofpoint.com/us/threat-insight/post/thief-night-new-nocturnal-stealer-grabs-data-cheap"
+        ]
+      },
+      "description": "It is designed to steal data found within multiple Chromium and Firefox based browsers, it can also steal many popular cryptocurrency wallets as well as any saved FTP passwords within FileZilla. Nocturnal Stealer uses several anti-VM and anti-analysis techniques, which include but are not limited to: environment fingerprinting, checking for debuggers and analyzers, searching for known virtual machine registry keys, and checking for emulation software.",
+      "value": "Nocturnal Stealer",
+      "uuid": "e7080bce-99b5-4615-a798-a192ed89bd5a"
+    },
+    {
+      "meta": {
+        "date": "March 2018.",
+        "refs": [
+          "https://blog.talosintelligence.com/2018/05/telegrab.html"
+        ]
+      },
+      "description": "The first version stole browser credentials and cookies, along with all text files it can find on the system. The second variant added the ability to collect Telegram's desktop cache and key files, as well as login information for the video game storefront Steam.",
+      "value": "TeleGrab",
+      "uuid": "a6780288-24eb-4006-9ddd-062870c6feec"
+    }
+  ],
+  "authors": [
+    "raw-data"
+  ],
+  "type": "stealer",
+  "name": "Stealer"
+}