Detects a BbyStealer family dropper website.
BbyStealer is a stealer created by a threat actor called 'brunxkd'.
It usually comes packed as an executable (standalone or in an archive)
on fake video game websites (which this rule should detect).
These URLs are spread by users of this stealer (or compromised accounts)
via Discord messages asking victims to 'test' their game for them,
as they masquerade as a 'game developer'.
There are several other info-stealers that use the same C2 domain as BbyStealer;
currently they are:
- TargetPlay (Python)