Skip to main content

Posts

Featured

Threat: Fox Stealer, the Russian Telegram skid army

About a month ago my crawler found what seemeed to be a command & control panel that I had never seen before. After researching it I couldn't find any information about it and it seemed different than other foxed themed malwares such has Diamond Fox or Pony Forx. I had questions such has where does this came from? Where is it sold? What does it do? This article covers my findings and the answer to all of the above. I haven't analyzed the binary since I'm not really interested to know how it does what I know it does. But if that's your jam you'll find some hashes at the end of this article. After finding the first panel I tailored my crawler to look for similar panels. Quickly I realized there was 2 versions going around, one had a blue theme and the other one was orange. The orange version seemed a bit more elaborate: The orange version displays a screenshot and AutoFill data In the Settings page we can see some differences: The ora

Latest Posts

APT34 / OILRIG Leak, Quick Analysis