We observed a threat actor leveraging GitHub repositories to execute Braodo Stealer, a sophisticated Python-based stealer. The author hosted all the Python packages required to run the stealer within the GitHub repository. The infection layers included a Byte Order Mark (BOM), used as an obfuscation trick designed to make the victim believe the file is a Chinese-language file.
Since 24 April 2025, we have observed the Pakistan-aligned threat actor known as TransparentTribe spreading phishing PPT and PDF files themed on the Pahalgam attack. The phishing PDF indicates that the targets include Indian Government personnel as well as ordinary victims. Although the infection chain looks simple, the PDF and PPT are convincing enough to lure the user into clicking the links, and the embedded login page asks for the credentials of 'gov.in' and 'nic.in' mail IDs.
Since 2022, attackers have used DBatLoader (also known as ModiLoader) to install infostealers and commodity remote access Trojans (RATs) such as Remcos, Formbook and AgentTesla. It usually spreads through phishing emails carrying a malicious attachment.