New Vega Stealer shines brightly in targeted campaign | Proofpoint US
Tags
attack-pattern: Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 9d1eb7ee-b0f7-47f9-850e-f204646bde80
Fingerprint 2490a853823f9ea9
Analysis status DONE
Considered CTI value 0
Text language
Published May 10, 2018, 8:45 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 19, 2024, 8:52 p.m.
Headline New Vega Stealer shines brightly in targeted campaign
Title New Vega Stealer shines brightly in targeted campaign | Proofpoint US
Detected Hints/Tags/Attributes 50/1/19
Source URLs
Redirection Url
Details Source https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign
URL Provider
Details Provider Source level domain
Details proofpoint.com www.proofpoint.com
Attributes
Details Type #Events CTI Value
Details Domain 13 
support.mozilla.org
Details File 2 
brief.doc
Details File 3 
letter.doc
Details File 36 
key3.db
Details File 41 
key4.db
Details File 64 
logins.json
Details File 60 
cookies.sql
Details File 15 
screenshot.png
Details File 1 
chrome_pw.txt
Details File 1212 
index.php
Details File 1 
foaf.php
Details sha256 1 
2c2d4649fd706f662e75b053b18d207c5d698ecadfb70ec16f0a85465880b8d3
Details sha256 1 
b3535fc9a0c1fc12c161d9257bfff1b698455fa246cc0cd2969affa564747cb4
Details IPv4 1 
46.161.40.155
Details Pdb 1 
c:\users\willy\source\repos\vega\vega\obj\release\vega.pdb
Details Url 1 
https://support.mozilla.org/en-us/kb/recovering-important-data-from-an-old-profile#w_passwords
Details Url 1 
http://46.161.40.155/cachedmajsoea/index.php?e=lossyc
Details Url 1 
http://46.161.40.155/lipomargara/lossyc.yarn
Details Url 1 
http://46.161.40.155/foaf.php