Sign in Create account

#castleloader — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #castleloader, aggregated by home.social.

MalwareAlias @[email protected] · 2025-11-20 · 10:00 UTC

Mentioned Malware Families: Stealc, CASTLELOADER, NightshadeC2
Aliases for Stealc: win.stealc
Malpedia link for Stealc: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Aliases for CASTLELOADER: win.castleloader
Malpedia link for CASTLELOADER: https://malpedia.caad.fkie.fraunhofer.de/details/win.castleloader
Aliases for NightshadeC2: win.nightshade_c2, CastleRAT
Malpedia link for NightshadeC2: https://malpedia.caad.fkie.fraunhofer.de/details/win.nightshade_c2
#Stealc #CASTLELOADER #NightshadeC2
Aliases provided by Malpedia.

#stealc #castleloader #nightshadec2
MalwareAlias @[email protected] · 2025-11-20 · 10:00 UTC

Mentioned Malware Families: Stealc, CASTLELOADER, NightshadeC2
Aliases for Stealc: win.stealc
Malpedia link for Stealc: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Aliases for CASTLELOADER: win.castleloader
Malpedia link for CASTLELOADER: https://malpedia.caad.fkie.fraunhofer.de/details/win.castleloader
Aliases for NightshadeC2: win.nightshade_c2, CastleRAT
Malpedia link for NightshadeC2: https://malpedia.caad.fkie.fraunhofer.de/details/win.nightshade_c2
#Stealc #CASTLELOADER #NightshadeC2
Aliases provided by Malpedia.

#stealc #castleloader #nightshadec2
MalwareAlias @[email protected] · 2025-11-20 · 09:58 UTC

Mentioned Malware Families: Stealc, CASTLELOADER, NightshadeC2
Aliases for Stealc: win.stealc
Malpedia link for Stealc: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Aliases for CASTLELOADER: win.castleloader
Malpedia link for CASTLELOADER: https://malpedia.caad.fkie.fraunhofer.de/details/win.castleloader
Aliases for NightshadeC2: win.nightshade_c2, CastleRAT
Malpedia link for NightshadeC2: https://malpedia.caad.fkie.fraunhofer.de/details/win.nightshade_c2
#Stealc #CASTLELOADER #NightshadeC2
Aliases provided by Malpedia.

#stealc #castleloader #nightshadec2
MalwareAlias @[email protected] · 2025-11-20 · 09:57 UTC

Mentioned Malware Families: Stealc, CASTLELOADER, NightshadeC2
Aliases for Stealc: win.stealc
Malpedia link for Stealc: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Aliases for CASTLELOADER: win.castleloader
Malpedia link for CASTLELOADER: https://malpedia.caad.fkie.fraunhofer.de/details/win.castleloader
Aliases for NightshadeC2: win.nightshade_c2, CastleRAT
Malpedia link for NightshadeC2: https://malpedia.caad.fkie.fraunhofer.de/details/win.nightshade_c2
#Stealc #CASTLELOADER #NightshadeC2
Aliases provided by Malpedia.

#stealc #castleloader #nightshadec2
𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 @[email protected] · 2025-11-20 · 09:57 UTC
Here's the full infection chain:
- 198.211.110.107:79 finger connects to finger[.]cloudyape[.]com
- 172.67.190.68:80 curl tries cloudyape[.]com/uvey.php?holt=2 but server responds with '301 Moved Permanently' and redirects to HTTPS
- 172.67.190.68:443 dropper download
- 172.67.190.68:80 curl gets cloudyape[.]com/uvey.php?holt=1 server redirects to HTTPS
- 172.67.190.68:443 dropper download
- 170.130.165.201:80 Download of file4.bin (#StealC) with fake GoogeBot user agent
- 170.130.165.201:80 #StealC v2 C2 / exfiltration
- 170.130.55.38:80 #CastleLoader traffic
- 194.76.227.242:9999 #CastleRAT C2 traffic
#stealc #castleloader #castlerat