ioc[.]one - OSINT Cyber Threat Intelligence Database

Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms

Tags

cmtmf-attack-pattern:	Masquerading
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Credentials - T1589.001 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Ssh - T1021.004 Masquerading - T1036 Masquerading

Show in Graph

Common Information

Type	Value
UUID	daec25e2-78ef-4383-bf91-25204db7ad07
Fingerprint	df1438c0a299c541
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 10, 2025, 3:13 p.m.
Added to db	April 10, 2025, 6:11 p.m.
Last updated	April 14, 2025, 2:44 p.m.
Headline	Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms
Title	Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms
Detected Hints/Tags/Attributes	41/3/7

Source URLs

	Redirection	Url
Details	Source	https://gbhackers.com/sapphire-werewolf-upgrades-arsenal-with-amethyst-stealer/

URL Provider

Details	Provider	Source level domain
Details	gbhackers.com	gbhackers.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	125	✔	GBHackers Security \| #1 Globally Trusted Cyber Security News Platform	https://gbhackers.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	11		canarytokens.com
Details	Domain	2		wondrous-bluejay-lively.ngrok-free.app
Details	File	2		payments.js
Details	md5	2		93d048364909018a492c8f709d385438
Details	sha1	2		94034e04636bc4450273b50b07b45f636ff59b05
Details	sha256	2		4149b07d9fdcd04b34efa0a64e47a1b9581ff9d1f670ea552b7c93fb66199b5f
Details	Url	2		http://canarytokens.com/traffic/tags/static/xjemqlqirwqru9pkrh3j4ztmf/payments.js