ioc[.]one - OSINT Cyber Threat Intelligence Database

Erbium Stealer Malware Report - CYFIRMA

Tags

cmtmf-attack-pattern:	Obfuscated Files Or Information
country:	Russia
attack-pattern:	Data Model Control Panel - T1218.002 Credentials - T1589.001 Credentials In Files - T1552.001 Data From Local System - T1533 Encrypted Channel - T1521 Encrypted Channel - T1573 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Native Api - T1575 Password Managers - T1555.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Steal Web Session Cookie - T1539 Unsecured Credentials - T1552 Tool - T1588.002 Credentials In Files - T1081 Data From Local System - T1005 Execution Through Api - T1106 Obfuscated Files Or Information - T1027 Process Discovery - T1057 System Information Discovery - T1082

Show in Graph

Common Information

Type	Value
UUID	e1610d00-3046-419b-ae12-0fa64ed874f1
Fingerprint	8d203dfcaffb0619
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 19, 2022, 8:08 a.m.
Added to db	Jan. 16, 2023, 3:54 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Erbium Stealer Malware Report
Title	Erbium Stealer Malware Report - CYFIRMA
Detected Hints/Tags/Attributes	88/3/27

Source URLs

	Redirection	Url
Details	Source	https://www.cyfirma.com/outofband/erbium-stealer-malware-report/

URL Provider

Details	Provider	Source level domain
Details	cyfirma.com	www.cyfirma.com

Attributes

Details	Type	#Events	Value
Details	Domain	4	breached.to
Details	Domain	291	raw.githubusercontent.com
Details	Domain	112	cdn.discordapp.com
Details	Domain	25	www.cyfirma.com
Details	Domain	1	panel.erbium.ml
Details	File	1	c:\users\username\appdata\local\temp\hiokcmapbccbelnex.dll
Details	md5	1	4ce7c27cb4be9d32e333bf032c88235a
Details	md5	1	1EF9C948E6045D8D8794A89CC9545B0F
Details	md5	1	E53C97B18D69F5C6B7A854660E640700
Details	md5	1	3A59B504F6C41324B0D6CB6EDBE3AD61
Details	md5	1	ED6249F72BA742802B2FA3EF20900D18
Details	md5	1	05ED4FFBF6B785750D2CDACCA9287F10
Details	md5	1	5D59E053D45049FFB8C6C08D8944E30C
Details	md5	1	6BC81580D318DC8EBF48B3555DD4C9D7
Details	sha1	1	7fa3530f3cc242075c04a43593faea2a8ce7a194
Details	sha1	1	dabced5b9f1ef63eff6b29152192dfa1f1499481
Details	sha256	1	04642249b0ad41b1c6cc8862ec372c3b9b1e855d104a16a6a3fae694cc23ec0c
Details	sha256	1	e3dd6d5ca0c9a16d95e4c591b7bbad40e3d4d78bcf29ce6d8ea80b263c67f1c5
Details	MITRE ATT&CK Techniques	239	T1106
Details	MITRE ATT&CK Techniques	627	T1027
Details	MITRE ATT&CK Techniques	99	T1539
Details	MITRE ATT&CK Techniques	89	T1552.001
Details	MITRE ATT&CK Techniques	433	T1057
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	163	T1573
Details	Url	1	https://www.cyfirma.com/cyber-research-on-the-malicious-use-of-discord