ioc[.]one - OSINT Cyber Threat Intelligence Database

LOLI Stealer – Golang-based InfoStealer spotted in the wild

Tags

cmtmf-attack-pattern:	Application Layer Protocol
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Credentials In Files - T1552.001 Data From Local System - T1533 File And Directory Discovery - T1420 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Software Discovery - T1518 Software Packing - T1027.002 Software Packing - T1406.002 Virtualization/Sandbox Evasion - T1497 Unsecured Credentials - T1552 Tool - T1588.002 Virtualization/Sandbox Evasion - T1633 Standard Application Layer Protocol - T1071 Credentials In Files - T1081 Data From Local System - T1005 File And Directory Discovery - T1083 Obfuscated Files Or Information - T1027 Screen Capture - T1113 Software Packing - T1045 System Information Discovery - T1082 User Execution - T1204 Screen Capture User Execution

Show in Graph

Common Information

Type	Value
UUID	db778900-3234-4165-aa8c-708ffabf9d64
Fingerprint	ef2473b303fb2201
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 3, 2022, midnight
Added to db	Oct. 24, 2023, 1:41 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	LOLI Stealer – Golang-based InfoStealer spotted in the wild
Title	LOLI Stealer – Golang-based InfoStealer spotted in the wild
Detected Hints/Tags/Attributes	76/3/19

Source URLs

	Redirection	Url
Details	Redirection	https://blog.cyble.com/2022/08/03/loli-stealer-golang-based-infostealer-spotted-in-the-wild/
Details	Source	https://cyble.com/blog/loli-stealer-golang-based-infostealer-spotted-in-the-wild/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com
Details	cyble.com	blog.cyble.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		webstealer.ru
Details	File	76		gdi32.dll
Details	File	1		webstealer.png
Details	File	99		passwords.txt
Details	File	1		dsmicrosoft_launcher.exe
Details	md5	1		09e7df1b7af441df97311eb490cf6253
Details	sha1	1		71542eba588e5500118a46e6918f6b19f9e69b66
Details	sha256	1		595142ac0ecaf32e5cd9a477f440bac99b52dcc6c2fa083424d5007fdf0caeec
Details	MITRE ATT&CK Techniques	420		T1204
Details	MITRE ATT&CK Techniques	238		T1497
Details	MITRE ATT&CK Techniques	627		T1027
Details	MITRE ATT&CK Techniques	185		T1518
Details	MITRE ATT&CK Techniques	1006		T1082
Details	MITRE ATT&CK Techniques	113		T1552
Details	MITRE ATT&CK Techniques	534		T1005
Details	MITRE ATT&CK Techniques	157		T1560
Details	MITRE ATT&CK Techniques	219		T1113
Details	MITRE ATT&CK Techniques	444		T1071
Details	Url	1		http://webstealer.ru/gate.php