Hashtag
#AurotunStealer
ACCE Release Notes v2.9.20250508 – Cipher Tech Solutions, Inc.

The May release for ACCE includes updates and support including #AurotunStealer #rutserv #PupkinStealer #PE32Ransomware #Interlock www.ciphertechsolutions.com/acce-release...

StealC v2 and Aurotun Stealer traffic to 62.60.226.114 in PCAP file from tria.ge

StealC v2 and Aurotun Stealer seem to be interconnected. They are sometimes deployed as part of the same infection chain and share C2 infrastructure. Like in this malware run:
https://tria.ge/250411-f3d2tszyhy/behavioral1
👾 StealC v2: 62.60.226.114:80
👾 […]

[Original post on infosec.exchange]

Aurotun Stealer C2 traffic loaded into CapLoader. CapLoader currently classifies the traffic as "LimeRAT" because it doesn't yet have a protocol model for Aurotun Stealer. This misclassification implies that those two C2 protocols share similar traits.

C2 servers of newly discovered Aurotun Stealer:
#AurotunStealer #threatintel
