Mirrors/cert-orangecyberdefense-cti
1
0
Fork 0
mirror of https://github.com/cert-orangecyberdefense/cti synced 2026-06-10 15:31:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

image

Browse Source
This commit is contained in:
CERT Orange Cyberdefense
2026-05-05 12:19:25 +02:00
committed by GitHub
parent 447ea5dfda
commit afdade9fab
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
STX-RAT/20260505_stx-rat_campaigns.md
+3
View File
@@ -3,6 +3,8 @@ Our investigation identified overlaps across these campaigns, and related sample
#CTI #ThreatIntel #STXRAT #CTI #ThreatIntel #STXRAT
![Campaigns delivering STX RAT](https://world-watch-images.s3.gra.io.cloud.ovh.net/2026/05/stx_watermarked_compressed.png)
1/ Our investigation started from the publicly documented FileZilla campaign, which used a fake FileZilla website to distribute trojanized FileZilla 3.69.5 packages. 1/ Our investigation started from the publicly documented FileZilla campaign, which used a fake FileZilla website to distribute trojanized FileZilla 3.69.5 packages.
The campaign used two delivery variants: The campaign used two delivery variants:
a portable archive containing the legitimate FileZilla package plus a malicious version.dll a portable archive containing the legitimate FileZilla package plus a malicious version.dll
@@ -27,4 +29,5 @@ Notably, credential theft is only activated after successful C2 interaction.
7/ We published a full advisory for our customers on the infection chain, overlaps, and malware analysis. Related IoCs are also available in this public GitHub repository. 7/ We published a full advisory for our customers on the infection chain, overlaps, and malware analysis. Related IoCs are also available in this public GitHub repository.