Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:38 · Modified 20/12/2025 23:55

Essential information

Value / Name: 209be12b657d3ffbf97b47e64733410d606bc5b9
Confidence: 100/100
Revoked: Yes
Valid from: 08/03/2023 17:34
Valid until: 10/06/2024 18:34
Pattern type: yara
Published: 20/12/2025 19:38
Modified: 20/12/2025 23:55
Author / Source: AlienVault

Description

No description.

Pattern

rule ImBetter: Stealer {
    meta:
        Description = "ImBetter Stealer"
        Maltype = "Information Stealer"
        Filetype = "Win32 EXE"
    strings:
        $a1 = "C:\\Users\\Public\\Scr-urtydcfgads.png"
        $a2 = "ImBetter.pdb"
        $a3 = "195.133.40.3"
        $a4 = "AcWebBrowser\\User Data\\Local State"
    condition:
        uint16(0) == 0x5A4D and 2 of ($a*)
}

Labels / Tags

Labels: crypto imbetter stealer

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.