IOK Rules: malware.bbystealer

BbyStealer Dropper Website aeed70a

Detects a BbyStealer dropper website. BbyStealer is a JavaScript-based information stealer created by a threat actor called 'brunxkd'. It usually comes packed as an executable (standalone or in an archive) on fake video game websites (which this rule should detect). These URLs are spread by users of this stealer (or compromised accounts) via Discord messages that ask victims to 'test' their game for them, with the sender masquerading as a 'game developer'.

BbyStealer Family Dropper Website 7019ae4

Detects a BbyStealer family dropper website. BbyStealer is a JavaScript-based information stealer created by a threat actor called 'brunxkd'. It usually comes packed as an executable (standalone or in an archive) on fake video game websites (which this rule should detect). These URLs are spread by users of this stealer (or compromised accounts) via Discord messages that ask victims to 'test' their game for them, with the sender masquerading as a 'game developer'.

Several other info-stealers use the same C2 domain as BbyStealer. Currently they are:

- Doenerium (JavaScript)
- TargetPlay (Python)