#Malware #RisePro

RisePro Stealer
C2 Panel, Builder and Proxy tools leaked.

virustotal.com/gui/file/a82a2…

#risepro stealer is on the rise 📈🥷 looking at initial ip 194.169.175[.133 reveals login panel. You can pivot using http headers query below to find 33 unique panels within #FOFA . Additionally, you can pivot on the favicon to reveal a further 3 unique panels! 🎯

#WhiteSnake Stealer is now releasing an update featuring Google Cookies restoration 🍪👀

Same features after #Lumma , #Rhadamanthys , #Risepro , #Meduza , #Stealc

Anyone else?😂

Looks Like Risepro has updated their C2 Panel
http[:]//38[.]47[.]220[.]202

censys
services.http.response.html_title='ProxyTools'

shodan
http.html_hash:-946937792

new panels:
175[.]24[.]178[.]202
38[.]47[.]221[.]56
8[.]140[.]18[.]150
#RisePro @ShilpeshTrivedi JAMESWT

🧵1. RisePro ThreatHunt. Inspired by some of the people tagged in this thread. Hunting #RisePro #stealer panels using Fofa and there were some intriguing results. First up lets use #Viriback @viriback for some intel.

#C2 #C2 Panel #ThreatHunt #Malware

Top 10 last week's threats by uploads 🌐

⬆️ #Phishing 1259 (973)
⬇️ #Agenttesla 110 (152)
⬆️ #Guloader 110 (25)
⬆️ #Remcos 105 (65)
⬆️ #Njrat 76 (50)
⬇️ #Asyncrat 55 (89)
⬇️ #Xworm 43 (77)
⬇️ #Redline 40 (45)
⬆️ #Orcus 39 (8)
⬇️ #Risepro 38 (61)

Track them all at 🔽…

#Risepro Stealer is also offering a 'Google Cookies Restoration' Service. 👀🍪

This would be the third stealer malware project offering this kind of service after #Lumma and #Rhadamanthys .

#Meduza stealer has been updated as of December 8th into a new v2.0

Featuring 'Google cookies restoration' from tokens stolen from 'Google Accounts' (same as #Lumma , #Rhadamanthys and #Risepro )

More changes!
Please find attached the full release statement 👀👀

[1/4] #RisePro #stealer C2 panel,This #Malware came back after 8 months

http[:]//5[.]42[.]79[.]238[:]8081/login
http[:]//38[.]47[.]220[.]202[:]8081/login
http[:]//45[.]15[.]159[.]248[:]8081/login
http[:]//95[.]214[.]25[.]205[:]8081/login
http[:]//95[.]214[.]25[.]208[:]8081/login

Prepare your inquiries points for this session!
'Ranolazine from Theory to Practice: Clinical Cases', a session led by the esteemed Prof. Amr Kamal 🤩
Register Now & save yourself a seat: bit.ly/43fEcWt

#CVREP #RisePro #cardiology #cardiologist #cardiology fellows

A few active #RisePro #stealer #c2 panels:

hxxp://194.169.175[.]128:8081/login
hxxp://38.47.220[.]202:8081/login
hxxp://79.110.49[.]141:8081/login

Dee Who said what JAMESWT fastfire ChrisUeland R.

#threathunting #malware

#渡辺曜誕生祭2024
そろそろ新作作らんとね

#これを見た人はベストツーショットを貼れ

ミサシンとLAS

#Censys Queries to find #RisePro #Stealer Infra

'services.http.response.headers: (key: `Server` and value.headers: `RisePro`)' => 26 servers

(or)

'services[.]software.product=`risepro` ' => 23 servers

The reason is explained in the below screenshots.

#Malware #ioc

次回「アスカ、来日」

🔍 #Malware configuration extractors targeting #infostealers like #RisePro and #Lumma .

🛡️ Detecting threat tactics such as #ReverseShells , #ProcessHollowing , and more.

🎣 Enhanced #phishing detection capabilities, including automated login interaction.

🚨 Insight into the…

#アグネスタキオン生誕祭2024

#100DaysofYARA Day47: Detecting RisePro C2 Login Panels based on Network Headers using VT Live Hunt

github.com/RustyNoob-619/…

Backtracing through urlscan.io

#unam #c2 #panel
urlscan.io/search/#filena…

#meduza #stealer
urlscan.io/search/#filena…

#risepro #stealer
urlscan.io/search/#filena…

#lokibot
urlscan.io/search/#filena…