cystack/stealer-fingerprints

Stealer Fingerprints

Public catalog of malware-family fingerprints curated by CyStack threat intelligence. Each entry documents a stealer log family with its banner strings, field signatures, sanitized sample, and ready-to-use YARA rules.

Each row in the table below summarises the operator-rebrand footprint observed for that family: the number of distinct variants we have fingerprints for, the number of distribution channels we have observed carrying it, and the highest attribution confidence observed. Confidence values: high = curated CTI confirmed, medium = community catalog hint, low = provisional best-guess, unknown = CyStack-discovered with no candidate, benign = false-positive labeling.

Families

| Family | Variants | Channels | Top confidence |
|---|---|---|---|
| AMOS Stealer | 74 | 0 | medium |
| Acreed | 1 | 0 | high |
| Aetheris Stealer | 7 | 0 | high |
| Ailurophile | 1 | 1 | high |
| Arcane | 2 | 1 | high |
| AuraStealer | 2 | 0 | high |
| Blank Grabber | 12 | 0 | high |
| BracketSection Stealer | 1 | 0 | unknown |
| CSAzureBuildStealer | 1 | 0 | unknown |
| CSBareVersionStealer | 1 | 1 | unknown |
| CSBinaryGarbageStealer | 1 | 1 | unknown |
| CSBitArchStealer | 1 | 0 | unknown |
| CSBrowersStealer | 2 | 0 | unknown |
| CSBuildBlockStealer | 1 | 1 | unknown |
| CSCountCoreStealer | 4 | 0 | unknown |
| CSCountRunsStealer | 1 | 1 | unknown |
| CSDaisyCloudStealer | 1 | 1 | low |
| CSDashPlusSepStealer | 1 | 1 | unknown |
| CSDataCollectedStealer | 1 | 0 | unknown |
| CSEmojiCountStealer | 3 | 0 | unknown |
| CSEmojiInfoStealer | 1 | 0 | unknown |
| CSEnvVarDumpStealer | 1 | 1 | unknown |
| CSFacebookMarketStealer | 1 | 1 | unknown |
| CSGADSPanelStealer | 6 | 0 | unknown |
| CSInzExtStealer | 1 | 0 | unknown |
| CSLoaderReadyStealer | 1 | 1 | unknown |
| CSMSKDateStealer | 1 | 0 | unknown |
| CSMacUserinfoStealer | 1 | 0 | unknown |
| CSMainLootStealer | 1 | 1 | low |
| CSNewLogStealer | 1 | 0 | unknown |
| CSNovyiLogStealer | 1 | 1 | unknown |
| CSPcNameSnakeStealer | 1 | 1 | unknown |
| CSPyHostTimeStealer | 1 | 1 | unknown |
| CSSigInfoStealer | 1 | 1 | low |
| CSSoftwareTailStealer | 1 | 1 | unknown |
| CSWmicDumpStealer | 1 | 0 | unknown |
| Category Stealer | 3 | 0 | unknown |
| Cthulhu Stealer | 26 | 0 | high |
| Lumma | 7 | 1 | high |
| MacSync | 2 | 0 | high |
| Millenium RAT | 1 | 0 | - |
| NotMalware | 1 | 1 | benign |
| PXA Stealer | 7 | 0 | high |
| Phantom Stealer | 1 | 1 | high |
| PureLogs | 1 | 0 | high |
| RL Stealer | 1 | 0 | medium |
| Raccoon | 2 | 0 | high |
| Redline | 18 | 0 | high |
| RedlineLike Stealer | 17 | 0 | unknown |
| StealC | 20 | 0 | high |
| Vidar | 3846 | 0 | high |
| WhiteSnake | 5 | 0 | high |
| XFiles | 10 | 0 | high |

Contributing

Found a new variant or correction? Open a pull request adding the fingerprint banner, field keys, and any reference URLs. Sample logs must be sanitized of victim data before submission.

About

Public catalog of stealer log fingerprints. Banner strings, field signatures, sanitized samples, and YARA rules for 30+ malware families including RedLine, Vidar, Lumma, StealC, and Rhadamanthys. For incident response, detection engineering, and threat intelligence research.
