2024-05-09 Profiling Trafficers Cerberus| Threat Intelligence Malaysia

📃Title: Profiling Trafficers: Cerberus
📅Date: 2024-05-09
🔗References:

https://g0njxa.medium.com/profiling-traffic-cerberus-ex-amnesia-3758faba4385

Description

This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the Commonwealth of Independent States (CIS) region. It provides insights into their operations, tactics, and the evolution of their malware campaigns over time, shedding light on the ever-evolving landscape of cybercriminal activities.

🔖Rectifyq Taxonomies:

relevancy: 🔴 Highly Relevant
category: ⚔Threat
sub-category: TA-profile
target: broad-based
MY-relevancy: relevant

🔖MISP Galaxies:

target-information=“Russia”
target-information=“United States”
target-information=“Ukraine”
target-information=“Brazil”
target-information=“Belarus”
target-information=“Germany”
target-information=“Kazakhstan”
target-information=“Philippines”
target-information=“Poland”
target-information=“Egypt”
target-information=“Thailand”
target-information=“Netherlands”
target-information=“Mexico”
target-information=“Pakistan”
target-information=“United Kingdom”
target-information=“Colombia”
target-information=“France”
target-information=“Indonesia”
target-information=“Spain”
target-information=“British Indian Ocean Territory”
target-information=“India”
target-information=“Peru”
target-information=“Algeria”
target-information=“Argentina”
target-information=“Bangladesh”
target-information=“Morocco”
target-information=“Italy”
target-information=“Romania”
target-information=“Uzbekistan”
target-information=“Belgium”
target-information=“China”
target-information=“Czech Republic”
target-information=“Malaysia”
target-information=“Chile”
target-information=“Iraq”
target-information=“Portugal”
target-information=“Hungary”
target-information=“Canada”
target-information=“Norway”
target-information=“Ecuador”
target-information=“Sri Lanka”
target-information=“Saudi Arabia”
target-information=“Serbia”
target-information=“Dominican Republic”
target-information=“Tunisia”
target-information=“South Africa”
target-information=“Kyrgyzstan”
target-information=“Israel”
target-information=“Kenya”
target-information=“Iran”
target-information=“Myanmar”
target-information=“Lithuania”
target-information=“Latvia”
target-information=“Georgia”
target-information=“Nigeria”
target-information=“Australia”
target-information=“Nepal”
target-information=“Bulgaria”
target-information=“Sweden”
target-information=“Armenia”
target-information=“Ghana”
target-information=“United Arab Emirates”
target-information=“Switzerland”
target-information=“Slovakia”
target-information=“Jordan”
target-information=“Austria”
target-information=“Japan”
target-information=“Uruguay”
target-information=“Azerbaijan”
target-information=“Estonia”
target-information=“Ethiopia”
target-information=“Bosnia and Herzegovina”
target-information=“Luxembourg”
target-information=“Finland”
target-information=“Singapore”
target-information=“Greece”
target-information=“Palestine”
target-information=“Croatia”
target-information=“Denmark”
target-information=“Taiwan”
target-information=“Guatemala”
target-information=“Cambodia”
target-information=“Lebanon”
target-information=“Mongolia”
target-information=“Costa Rica”
target-information=“Paraguay”
target-information=“Kuwait”
target-information=“Honduras”
target-information=“Madagascar”
target-information=“Ireland”
target-information=“Cameroon”
target-information=“Hong Kong”
target-information=“Togo”
target-information=“North Macedonia”
target-information=“Panama”
target-information=“Albania”
target-information=“Cuba”
target-information=“Senegal”
target-information=“Slovenia”
target-information=“Zambia”
target-information=“Uganda”
target-information=“El Salvador”
target-information=“Equatorial Guinea”
target-information=“Angola”
target-information=“New Zealand”
target-information=“Qatar”
target-information=“Jamaica”
target-information=“South Sudan”
target-information=“Sudan”
target-information=“Libya”
target-information=“Oman”
target-information=“Mozambique”
target-information=“Trinidad and Tobago”
target-information=“Tajikistan”
target-information=“Burkina Faso”
target-information=“Puerto Rico”
target-information=“Nicaragua”
target-information=“Benin”
target-information=“Yemen”
target-information=“Cyprus”
target-information=“Bahrain”
target-information=“Rwanda”
target-information=“Gabon”
target-information=“Namibia”
target-information=“Montenegro”
target-information=“Mali”
target-information=“Papua New Guinea”
target-information=“Zimbabwe”
target-information=“Jersey”
target-information=“Botswana”
target-information=“Malawi”
target-information=“Haiti”
target-information=“Mauritius”
target-information=“Maldives”
target-information=“Somalia”
target-information=“Afghanistan”
target-information=“Guyana”
target-information=“Mauritania”
target-information=“Malta”
target-information=“Saint Kitts and Nevis”
target-information=“Bahamas”
target-information=“Suriname”
target-information=“Iceland”
target-information=“Liberia”
target-information=“Andorra”
target-information=“Barbados”
target-information=“Belize”
target-information=“Fiji”
target-information=“Sierra Leone”
target-information=“Bhutan”
target-information=“Saint Lucia”
target-information=“Guam”
target-information=“Guinea”
target-information=“Guinea-Bissau”
target-information=“Chad”
target-information=“Gambia”
target-information=“Niger”
target-information=“Curaçao”
target-information=“French Polynesia”
target-information=“Lesotho”
target-information=“Burundi”
target-information=“Isle of Man”
target-information=“Liechtenstein”
target-information=“New Caledonia”
target-information=“San Marino”
target-information=“Cayman Islands”
target-information=“Dominica”
target-information=“Faroe Islands”
target-information=“Greenland”
target-information=“Grenada”
target-information=“Guernsey”
target-information=“Turks and Caicos Islands”
target-information=“U.S. Virgin Islands”
target-information=“Anguilla”
target-information=“Antigua and Barbuda”
target-information=“Bermuda”
target-information=“Central African Republic”
target-information=“Comoros”
target-information=“Djibouti”
target-information=“Kiribati”
target-information=“Monaco”
target-information=“Northern Mariana Islands”
target-information=“Palau”
target-information=“Turkmenistan”
malpedia=“MetaStealer”
malpedia=“RedLine Stealer”
producer Medium
mitre-attack-pattern=[]

MISP event uuid: 93c5c28d-f2ad-4db2-a959-4fff38dde26f

Indicator of Compromise (IoCs)

type,value,comment
md5, d1390da1b59947229fc171d380072418, 'REDLINE No sample in VT\r\nLast check:04/05/2025'
md5, 294079f8862567a22dc40045de1d9c4c, 'REDLINE No sample in VT\r\nLast check:04/05/2025'
md5, 66e53717dfdbe851f4d200ef11b0d121, 'REDLINE No sample in VT\r\nLast check:04/05/2025'
md5, 95336ebfdf4fb7a4225c27c3723be4b8, 'META No sample in VT\r\nLast check:04/05/2025'
md5, f1f8de5b4e6984dbf52d278afd09b377, 'META No sample in VT\r\nLast check:04/05/2025'
md5, 823add1f76ee53424958c4d975bb8104, 'META No sample in VT\r\nLast check:04/05/2025'
md5, 88ea9a904663c79a9d2c34bc41642736, 'META No sample in VT\r\nLast check:04/05/2025'
md5, a89d1fa864cf7cf80d7a88ce7085f0cd, 'META No sample in VT\r\nLast check:04/05/2025'
md5, 1119f08b1cf255578ebea6b7dc65e529, 'META No sample in VT\r\nLast check:04/05/2025'
md5, 54a4da77d1bf79f497455c11c47478bc, 'META No sample in VT\r\nLast check:04/05/2025'
md5, be8514870cee288f61a73175032e4b82, 'META No sample in VT\r\nLast check:04/05/2025'
md5, c541f710d3e601bc95147cdb0707e742, 'META No sample in VT\r\nLast check:04/05/2025'
md5, 2d21fa15042a3fda41ab59472857bcf1, 'META No sample in VT\r\nLast check:04/05/2025'
md5, 42e1b820fcca3478112e872e29292534, 'REDLINE No sample in VT\r\nLast check:04/05/2025'

Full IOCs available in Rectifyq's MISP```

Rectifyq

Explorer

2024-05-09 Profiling Trafficers Cerberus

Indicator of Compromise (IoCs)

Graph View