Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data.
Sunday, December 1, 2019
Sunday, October 6, 2019
Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples)
“Masad Clipper and Stealer” steals browser information and computer files, and automatically replaces cryptocurrency wallet addresses in the clipboard with its own.
It is written using AutoIt scripts and then compiled into a Windows executable.
It uses Telegram to exfiltrate stolen information.