all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Steal-It Campaign

Add to bookmarks
Sept. 6, 2023, 3:45 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Introduction


Zscaler ThreatLabz recently discovered a new stealing campaign dubbed as the “Steal-It” campaign. In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script, executing various system commands, and exfiltrating the retrieved data via Mockbin APIs.


Through an in-depth analysis of the malicious payloads, our team observed a geofencing strategy employed by the campaign, with specific focus on targeting regions including Australia, Poland, and Belgium. These operations use customized PowerShell scripts, …

analysis apis campaign data geofencing hashes introduction malicious powershell powershell script script start steal stealing system team threat threat actors threatlabz zscaler

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

CVE-2024-3661, a.k.a. TunnelVision, Exposes a VPN Bypass Vulnerability an hour ago | malware.news
attackers bypass bypass vulnerability can +20
Alleged LockBit Ransomware Gang Leader Named an hour ago | malware.news
development dmitry yuryevich khoroshev gang impact +11
Defenders assemble: Time to get in the game 2 hours ago | malware.news
alliance article defenders game +8
Google Continues Mixing Generative AI into Cybersecurity 2 hours ago | malware.news
ai model cloud cloud service conference +21
Law enforcement indicts mastermind behind LockBit ransomware gang 3 hours ago | malware.news
article enforcement gang law +9
To Fix IoT Security, 'We Need to Aim at the Security Have-Nots' 3 hours ago | malware.news
aim attackers change devices +22
Google Chrome security advisory (AV24-244) 4 hours ago | malware.news
advisory article canadian canadian centre for cyber security +11
Security researchers say this scary exploit could render all VPNs useless 4 hours ago | malware.news
article exploit link researchers +8
Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, More - SWN #384 4 hours ago | malware.news
android apt42 article chatrtx +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Principal Engineer - DLP Endpoint Security

@ Netskope | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Consultant (m/w/d)

@ Deutsche Telekom | Berlin, Deutschland
View on infosec-jobs.com

Security Engineer

@ IDEMIA | Haarlem, NL, 2031 CC
View on infosec-jobs.com

CyberSecurity Forensics and Incident Response Analyst

@ Bosch Group | Pittsburgh, PA, United States
View on infosec-jobs.com

Cyber MS MDR - Sr Associate

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Senior Lead Cybersecurity Architect-Threat modeling, Cryptography

@ JPMorgan Chase & Co. | India
View on infosec-jobs.com
View more jobs