Skip to content

MALICIOUS (1) campaign cataloged at 2024-09-08(2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2024-08-old-colourfulls

Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does not work any more, so it's not possible to say what exactly the remote file did.

Abuse categories

remote_executable

Downloads and executes a remote executable.

typosquatting

Campaign uses typosquatting.

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

  • hxxps://cdn.discordapp.com/attachments/941400716956799106/942268626843619348/malveillant.exe

Packages in the campaign

campaign:2024-08-old-colourfulls