[x] Block Ov3r_Stealer malware aiming to steal account credentials and cryptocurrency.
Description
In early December, during an Advanced Continual Threat Hunt (ACTH) campaign investigation, a new malware named Ov3r_Stealer was discovered. At a high level, this malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors. The tactics and techniques used to drop the malware, and the code itself, are not unique, but because this malware was relatively unknown at the time of discovery, it allowed our investigators to dig a little deeper into its backstory and potentially the origins of this malware.
Enhancement idea
Links
https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/FaceBook_Ad_Spreads_Novel_Malware.pdf
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URLs
Above: have reported to GitHub to close this malware developer's account.
Folders
n/a
Sub-Domains
n/a
Domains
n/a
IPs
Emails
Wallet addresses
n/a
Mining pool addresses
n/a