{ "name": "Threat Actor Distributes Python-Based Info Stealer Using Fake Update", "slug": "threat-actor-distributes-python-based-info-stealer-using-fake-update", "description": "An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information, browser data, and exfiltrates it over SMTP to attacker-controlled accounts. It also contains functionality for clipboard hijacking related to cryptocurrency addresses.", "published": "2024-07-29T09:29:19+00:00", "created_at": "2024-07-29T09:29:19+00:00", "modified_at": "2024-07-29T10:03:58+00:00", "created_at_opencti": "2024-07-29T09:29:19+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-07-29", "connecio", "falcon", "stealer" ], "related_entities": { "observables": [ { "id": "", "name": "185.255.114.63" }, { "id": "", "name": "185.255.114.110" }, { "id": "", "name": "139.99.232.135" }, { "id": "", "name": "http://xryptbx.com:465" }, { "id": "", "name": "http://web3versecoin.com:465" }, { "id": "", "name": "http://mail.dshu.xyz:465" }, { "id": "", "name": "mail.dshu.xyz" }, { "id": "", "name": "web3versecoin.com" }, { "id": "", "name": "xryptbx.com" }, { "id": "", "name": "theprofits.online" }, { "id": "", "name": "klaxusonline.com" }, { "id": "", "name": "dshu.xyz" }, { "id": "", "name": "send@dshu.xyz" }, { "id": "", "name": "logsmaster@xryptbx.com" }, { "id": "", "name": "logs@theprofits.online" }, { "id": "", "name": "logs@web3versecoin.com" }, { "id": "", "name": "info2024@klaxusonline.com" }, { "id": "", "name": "frank@dshu.xyz" }, { "id": "", "name": "6000@xryptbx.com" }, { "id": "", "name": "CrowdStrike_CSA_240846_01" }, { "id": "", "name": "d7c1be2d0b7d2714ff710676d228ac751c4eba280309e1241a9f7e441299a177" }, { "id": "", "name": "5ba542fcfa45d50c0d65dda4dbbd7a28f737a2fc53841ddaab7f68ae1cdf5183" }, { "id": "", "name": "56cbd8ce60f18d4cececfa703a92c0188dd81ed97b4de12e3f120d7ce736225a" }, { "id": "", "name": "21653e267a6c7e4f10064ad2489dba54e04612cc7ce4043b8c8dcaf8b39210d6" }, { "id": "", "name": "bc1qr9euay9qsfwsgh2edeqfk0rpw90c9zl9f69kfk" }, { "id": "", "name": "bc1qlneepetqamw7vmfludvrjgnk7tjprzlcy5e293" }, { "id": "", "name": "bc1qfwx6sase663vranpr7mkf485ypz3nzvtl0xtld" }, { "id": "", "name": "1Q4V4c1d6Vmr1Bf9BWejixnF8XnfdY6m4s" }, { "id": "", "name": "17tVNxknYnnkrvY3vN4Tw23fXQdSmn7CDU" }, { "id": "", "name": "13KadCbGWS4rzXiAyc7HHW2HDopN59hKa6" } ], "malware": [ { "id": "legacy:malware:d4f1925859f1d811", "name": "Connecio", "slug": "connecio" } ], "attack_patterns": [ { "id": "d3254e3b-07e6-4420-96e0-2e107ce17712", "name": "T1102.001" }, { "id": "7671fe3e-6a85-463e-928d-16117d2f4f9b", "name": "T1059.006" }, { "id": "0ca071fb-4f52-4672-b64a-75deff57d874", "name": "T1048" }, { "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6", "name": "T1204.002" } ] }, "external_refs": [ "https://www.crowdstrike.com/blog/threat-actor-distributes-python-based-information-stealer/", "https://otx.alienvault.com/pulse/66a77d0f5896bee31c5eb258" ] }