Stargazers Ghost Network

July 24, 2024, 5:18 p.m.

Description

Check Point Research identified a sophisticated network of GitHub accounts distributing malware through malicious repositories. The Stargazers Ghost Network consists of different types of accounts performing various actions like starring, forking, and subscribing to give an appearance of legitimacy. This network functions as a Distribution as a Service (DaaS), allowing threat actors to share malicious content. The operator, tracked as Stargazer Goblin, provides and maintains the network, distributing malware families like Atlantida Stealer, Rhadamanthys, Lumma Stealer, and RedLine. With over 3,000 active Ghost accounts, the network has earned an estimated $100,000 since its inception in August 2022. This new era of malware distribution utilizes ghost accounts across platforms, potentially employing AI for targeted campaigns.

Date

Published: July 24, 2024, 5:04 p.m.
Created: July 24, 2024, 5:04 p.m.
Modified: July 24, 2024, 5:18 p.m.

Indicators


Attack Patterns

Atlantida Stealer

Lumma Stealer

RedLine

RisePro

Rhadamanthys

Stargazer Goblin

T1568

T1086

T1490

T1010

T1012

T1189

T1497

T1491

T1489

T1106

T1057

T1105

T1071

T1055

T1498

T1204

T1027

T1566

T1003

T1059