meow.md (49)

©© Œfަ”Βˆκ——‚Ι–ί‚ι © ƒXƒŒƒbƒhˆκ——‚Ι–ί‚ι

41 Nameless Blooming in the Field@No Reposting (OP) 2023/09/08 01:23:04

"The Fansly Whoami Exfil and Exfil Sysinfo OnlyFans"

Steal-It Campaign
An analysis of a new stealing campaign

https://www.zscaler.com/blogs/security-research/steal-it-campaign

Zscaler ThreatLabz recently discovered a new stealing campaign dubbed as the "Steal-It" campaign. In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang's Start-CaptureServer PowerShell script, executing various system commands, and exfiltrating the retrieved data via Mockbin APIs.

Explicit Images as Lures: The Fansly Whoami Exfil and Exfil Sysinfo OnlyFans infection chain variations use explicit images of models to entice victims to execute the initial payload.