CavalierGPT: The First Comprehensive Infostealers AI Bot - Try Now →

Created by: TropChaud

Date created: 2023-01-24

Last edited: 2023-01-29

Description: Heatmap of instances of ATT&CK techniques for an information stealer discovered in January 2023 that achieves initial access via a malicious software dependency (a Python package). Public CTI report sources are provided in Notes for each technique. Please note: the reference from the Loginsoft source lists malware infrastructure that contains derogatory terminology, including a racial slur.

Techniques (10)

  • Application Layer Protocol

    ID: T1071

    Tactics: Command and Control

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • Compromise Software Dependencies and Development Tools

    ID: T1195.001

    Tactics: Initial Access

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • Credentials from Web Browsers

    ID: T1555.003

    Tactics: Credential Access

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • Credentials In Files

    ID: T1552.001

    Tactics: Credential Access

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • Deobfuscate/Decode Files or Information

    ID: T1140

    Tactics: Defense Evasion

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • Exfiltration Over Alternative Protocol

    ID: T1048

    Tactics: Exfiltration

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • File and Directory Discovery

    ID: T1083

    Tactics: Discovery

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • Python

    ID: T1059.006

    Tactics: Execution

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • Steal Web Session Cookie

    ID: T1539

    Tactics: Credential Access

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

  • Web Cookies

    ID: T1606.001

    Tactics: Credential Access

    Description: https://www.loginsoft.com/blog/2023/01/13/discock-stealer-another-polymorphic-malware-like-wasp-stealer/

infostealers-logo

BE THE FIRST TO KNOW

Get FREE access to Cavalier GPT

Stay informed with the latest insights in our Infostealers weekly report.

Receive a notification if your email is involved in an Infostealer infection.

No Spam, We Promise

BE THE FIRST TO KNOW

Get FREE access to Cavalier GPT

Stay informed with the latest insights in our Infostealers weekly report.

Receive a notification if your email is involved in an Infostealer infection.

No Spam, We Promise