Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
A predatory tale: Who’s afraid of the thief?
#1
Information 
Quote:
[Image: 190311-predatory-tale-1.png]
 
In mid-February, Kaspersky Lab received a request for incident response from one of its clients. The individual who initially reported the issue to our client refused to disclose the origin of the indicator that they shared. What we do know is that it was a screenshot from one of the client’s internal computers taken on February 11 while an employee was apparently browsing through his emails. In addition, the anonymous source added that the screenshot was transferred to a C2 using a stealer dubbed ‘Predator’.

As soon as the client contacted us, we started conducting a full investigation into the infected machine, including memory dumps, event logs, environment indicators from the network and so on and so forth. Finding very little information about this tool, we decided that seeing as how we’d already dived into the stealer, we might as well share some of our main findings in case other incidents occur in the future. The purpose of this blogpost is to enumerate the Predator stealer’s versions, technical features, indicators and Yara rule signatures, to help monitor and detect new samples, and to provide general information about its owners’ activities.

As well as all the information we collected from the client, we went the extra mile and contacted a source who had previously analyzed Predator. This source was @Fumik0_, a French malware researcher who analyzed versions 2.3.5 and 2.3.7 in his blog just a few months ago (October 2018).

He joined Ido Naor, a principal security researcher at Kaspersky Lab and together they compiled a full analysis of the new versions of ‘Predator the thief’.

The blog was apparently so influential that the owners of the stealer decided to contact Fumik0 via Twitter. An account named Alexuiop1337 claiming to be the owner of Predator is also active and has been responding to Fumik0’s discoveries until fairly recently.
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>