da_6672d ago

nice blog post by kaspsky, unveiling a couple of malicious self-hosted gogs instances, as well as some unique pastebin-like services I haven't seen before. The pastebin-like services have been added to today's ETOPEN release, in the ET INFO category. use them for threat hunting!

forgot my link: https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/

snippet.host
chiaselinks.com
rlim.com
paste.kealper.com

#pastebin #threat_hunting #ClipBanker

The long road to your crypto: ClipBanker and its marathon infection chain

Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.

Kaspersky
Show threadda_667
cc @badsamurai these might be some service domains to consider for bs-lists. If you want, I can drop a github issue if you'd like.
Apr 9 at 7:58pmWeb
Show threadB'ad Samurai πŸπŸ‡ΊπŸ‡¦2d ago

@da_667 oh I dig it. A ping here works too :) thanks.

Because vendor classifications are πŸ«