Stealer Schema
Data Fields
KEY | DATA TYPE | DESCRIPTION |
---|---|---|
_id | string | A unique (internal) identifier - used mainly for pagination. |
date_uploaded | ISO Date String | The date on which the stealer log was integrated into Hudson Rock's platform. |
date_compromised | ISO Date String | The date on which the computer was infected. |
stealer | string | The unique ID of the stealer log. It often indicates the stealer type, but is frequently just a random string; Hudson Rock provides it exactly as it was acquired from the threat actors. |
stealer_family | string | The stealer family (type) that produced the log. |
ip | string | The IP of the infected computer at the time of the infection. |
computer_name | string | The name of the compromised computer. |
operating_system | string | Operating System of the compromised computer. |
malware_path | string | The path in which the stealer malware was installed. |
antiviruses | array/list | Anti-viruses installed on the victim's computer. |
employeeAt | array/list | An aggregation of all the companies (domains) at which the owner of the compromised computer is found to be an employee, based on the credentials recovered from that computer. |
clientAt | array/list | An aggregation of all the companies (domains) at which the owner of the compromised computer is found to be a client, based on the credentials recovered from that computer. |
credentials | array/list | Array of objects, each containing the fields `type`, `url`, `domain`, `username` and `password`. |
employee_session_cookies | array/list | Cookies captured from the compromised computer. With these, threat actors can hijack the victim's existing session and bypass traditional security measures such as 2FA. |
installed_software | array/list | Array of installed software names and versions which were found on the compromised computer. |
JSON Schema
```json
{
  "date_uploaded": "2008-11-01T18:03:03.833Z",
  "date_compromised": "2008-10-31T00:52:54.000Z",
  "stealer": "US[84A9A4763718C8066F757039D966D3C5] [2008-10-31T05_43_39.2782540]",
  "stealer_family": "RedLine",
  "ip": "1.3.3.7",
  "computer_name": "Satoshi Nakamoto",
  "operating_system": "Windows 7 Ultimate x32",
  "malware_path": "C:\\Users\\Satoshi\\AppData\\Local\\Temp\\7zSC104A5D7\\625b7babdef04_Sun02dd5dfaa6df.exe",
  "antiviruses": [
    "Windows Defender"
  ],
  "employeeAt": [
    "bitcoin.org"
  ],
  "clientAt": [
    "bitcointalk.org"
  ],
  "credentials": [
    {
      "type": "employee",
      "url": "https://mine.bitcoin.org/admin",
      "domain": "bitcoin.org",
      "username": "[email protected]",
      "password": "StopPrintingMoney2008"
    },
    {
      "type": "client",
      "url": "https://bitcointalk.org/index.php?action=login",
      "domain": "bitcointalk.org",
      "username": "[email protected]",
      "password": "StopPrintingMoney2008"
    }
  ],
  "installed_software": [
    {
      "program": "Bitcoin Core",
      "version": "0.16.0"
    },
    {
      "program": "Tor Browser",
      "version": "1.2.0"
    }
  ]
}
```
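The following is an added example of how a consumer of this schema might ingest one record on the defender's side; it is not Hudson Rock's code and does not call their API. It validates a record against the field table above, rebuilds the `employeeAt`/`clientAt` aggregation from the `credentials` array (the table says these lists are derived from credential domains), and produces a small triage summary: which accounts on the domains you monitor are exposed, whether session cookies were captured (so sessions must be revoked, not just passwords rotated), and how many days passed between infection and the log becoming visible. The sample record, its usernames and passwords are constructed placeholders.

```python
import json
from datetime import datetime

# Constructed sample record following the "Data Fields" table (placeholder values, not real API output).
SAMPLE_RECORD = {
    "_id": "example-internal-id-0001",
    "date_uploaded": "2008-11-01T18:03:03.833Z",
    "date_compromised": "2008-10-31T00:52:54.000Z",
    "stealer": "US[84A9A4763718C8066F757039D966D3C5] [2008-10-31T05_43_39.2782540]",
    "stealer_family": "RedLine",
    "ip": "1.3.3.7",
    "computer_name": "Satoshi Nakamoto",
    "operating_system": "Windows 7 Ultimate x32",
    "malware_path": "C:\\Users\\Satoshi\\AppData\\Local\\Temp\\example.exe",
    "antiviruses": ["Windows Defender"],
    "employeeAt": ["bitcoin.org"],
    "clientAt": ["bitcointalk.org"],
    "credentials": [
        {"type": "employee", "url": "https://mine.bitcoin.org/admin", "domain": "bitcoin.org",
         "username": "satoshi@bitcoin.org", "password": "REDACTED-PLACEHOLDER"},
        {"type": "client", "url": "https://bitcointalk.org/index.php?action=login",
         "domain": "bitcointalk.org", "username": "satoshi@bitcointalk.org",
         "password": "REDACTED-PLACEHOLDER"},
    ],
    "employee_session_cookies": [],
    "installed_software": [{"program": "Bitcoin Core", "version": "0.16.0"}],
}
SAMPLE_JSON = json.dumps(SAMPLE_RECORD)

# Field -> expected Python type, taken from the table. Extra keys are tolerated.
EXPECTED_TYPES = {
    "_id": str, "date_uploaded": str, "date_compromised": str, "stealer": str,
    "stealer_family": str, "ip": str, "computer_name": str, "operating_system": str,
    "malware_path": str, "antiviruses": list, "employeeAt": list, "clientAt": list,
    "credentials": list, "employee_session_cookies": list, "installed_software": list,
}
CREDENTIAL_KEYS = {"type", "url", "domain", "username", "password"}


def load_record(text):
    """Decode one JSON record from the API response body."""
    return json.loads(text)


def parse_iso(ts):
    """Parse the ISO date strings used by the API (trailing 'Z' means UTC)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def validate_record(rec):
    """Return a list of schema problems; an empty list means the record matches the table."""
    problems = []
    for key, typ in EXPECTED_TYPES.items():
        if key not in rec:
            problems.append(f"missing field: {key}")
        elif not isinstance(rec[key], typ):
            problems.append(f"wrong type for {key}: expected {typ.__name__}")
    for i, cred in enumerate(rec.get("credentials", [])):
        missing = CREDENTIAL_KEYS - set(cred)
        if missing:
            problems.append(f"credentials[{i}] missing {sorted(missing)}")
    for key in ("date_uploaded", "date_compromised"):
        try:
            parse_iso(rec[key])
        except (KeyError, ValueError, AttributeError):
            problems.append(f"unparseable date: {key}")
    return problems


def derive_affiliations(rec):
    """Rebuild the employeeAt / clientAt sets from credential domains and their 'type' field."""
    employee = {c["domain"] for c in rec["credentials"] if c.get("type") == "employee"}
    client = {c["domain"] for c in rec["credentials"] if c.get("type") == "client"}
    return employee, client


def triage(rec, monitored_domains):
    """Defender's summary: exposed accounts on our domains, cookie exposure, and reporting lag."""
    exposed = sorted({c["username"] for c in rec["credentials"]
                      if c["domain"] in monitored_domains})
    lag = parse_iso(rec["date_uploaded"]) - parse_iso(rec["date_compromised"])
    return {
        "stealer_family": rec["stealer_family"],
        "exposed_accounts": exposed,
        # Captured cookies mean live sessions may be replayed: revoke them, not only passwords.
        "needs_session_revocation": bool(rec.get("employee_session_cookies")),
        "days_until_visible": lag.days,
    }


if __name__ == "__main__":
    record = load_record(SAMPLE_JSON)
    print("schema problems:", validate_record(record))
    print("affiliations:", derive_affiliations(record))
    print("triage:", triage(record, {"bitcoin.org"}))
```

A useful sanity check when ingesting real responses is to compare `derive_affiliations` with the `employeeAt` and `clientAt` arrays the API already provides; a mismatch usually means a credential object has an unexpected `type` value or a domain the aggregation normalised differently.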