Just Another Blue Teamer<p>Good day everyone!</p><p>Check Point Software researchers provide us with a detailed report on a newly discovered malware, <a href="https://ioc.exchange/tags/StyxStealer" class="mention hashtag" rel="tag">#<span>StyxStealer</span></a>! It is capable of "stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency" and contains defense evasion techniques. While the malware may be new, one technique that stood out is not: the use of the Windows Run registry key for persistence (Software\Microsoft\Windows\CurrentVersion\Run). </p><p>This registry key is abused because of the function it carries with it: you can reference an executable, a script, or whatever you want in the registry details, and it will execute once a user logs in. This removes the need for the adversary to social engineer or compromise a host over and over again. </p><p>Knowing that, enjoy the article and stay tuned for your Threat Hunting Tip of the Day! 
</p><p>Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove<br /><a href="https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">research.checkpoint.com/2024/u</span><span class="invisible">nmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/</span></a></p><p>Cyborg Security Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#<span>CyberSecurity</span></a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#<span>readoftheday</span></a></p>
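<p>A hunting sketch for the Run key persistence described above, added here as an example and not taken from the Check Point report or the original post. It assumes registry value-set events exported as dictionaries with the Sysmon Event ID 13 field names (Image, TargetObject, Details); the sample events, path lists and process names are constructed for illustration.</p>

```python
import re

# The Run key named in the post, under any hive (HKLM or a per-user HKU\<SID>).
RUN_KEY = re.compile(
    r"\\Software\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
# Assumption: locations a standard user can write to; tune for your environment.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData|Downloads)\\", re.I)
# Assumption: interpreters and proxy binaries worth a second look in an autorun.
SCRIPT_HOSTS = re.compile(
    r"\b(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(\.exe)?\b", re.I)

def score_event(event):
    """Return the reasons a value-set event deserves review; [] if none apply."""
    if not RUN_KEY.search(event["TargetObject"]):
        return []  # not a write to a Run key value
    reasons = []
    if USER_WRITABLE.search(event["Details"]):
        reasons.append("autorun target in user-writable path")
    if SCRIPT_HOSTS.search(event["Details"]):
        reasons.append("autorun launches a script host")
    if USER_WRITABLE.search(event["Image"]):
        reasons.append("writing process runs from user-writable path")
    return reasons

def hunt(events):
    """Return (value name, reasons) for every Run key write that scored."""
    return [(e["TargetObject"].rsplit("\\", 1)[1], r)
            for e in events if (r := score_event(e))]

RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [  # constructed sample data, not real telemetry
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
    {"Image": r"C:\Users\alice\Downloads\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-CONSTRUCTED" + RUN + r"\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKU\S-1-5-21-CONSTRUCTED" + RUN + r"\Sync",
     "Details": r"powershell.exe -File C:\ProgramData\sync.ps1"},
    {"Image": r"C:\Users\alice\AppData\Local\app\app.exe",
     "TargetObject": r"HKU\S-1-5-21-CONSTRUCTED\Software\ExampleApp\Settings\LastPath",
     "Details": r"C:\Users\alice\Downloads"},
]

if __name__ == "__main__":
    for name, reasons in hunt(SAMPLE_EVENTS):
        print(f"{name}: {', '.join(reasons)}")
```

<p>Legitimate per-user software also registers autoruns from AppData, so treat the output as review leads and baseline it against known-good entries.</p>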