MALICIOUS (1) campaign cataloged at 2025-09-19(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-09-suyo¶
Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The exfiltration target is a hardcoded discord webhook
Abuse categories¶
exfiltration_browser_data
Campaign uses exfiltration_browser_data.
infostealer
Campaign uses infostealer.
infostealer:cstealer
Campaign uses infostealer:cstealer.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
hxxps://discord.com/api/webhooks/1416787330873688224/4PB-5IWwMalA9DM5aNtX2O1V1FhofPrA2HkcfBqrcPnSy-ue-s5xLi9jxaPpMAjup-5I