SolarMarker Jupyter Infostealer Backdoor malware extravaganza

We recently discovered a PC attempting to contact an odd IP address, and our firewall caught it and blocked it due to a "No IP format" rule we have. After this we noticed Bitdefender was picking up some .ps1 files. After researching a bit, this was the Jupyter Infostealer, SolarMarker, and it was on stage 3/4 of its cycle. Although this threat seems to be very good at remaining hidden, there are fingerprints left by it that could be used as indicators of infection. Is there a way to leverage Bitdefender against this threat by monitoring for certain file names, reg entries, hash executions?

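A small detector modelled on the "No IP format" firewall rule the post mentions: it parses outbound connection log lines and flags destinations written as raw IP literals instead of hostnames, which is the kind of beaconing the poster's firewall caught. This is an added example, not a Bitdefender feature or the poster's own rule; the log format, addresses and internal-range list are constructed for illustration.

```python
"""Flag outbound connections whose destination is a bare IP literal.
Added example mirroring a "No IP format" egress rule; log format is constructed."""
import ipaddress
import re

# Constructed log lines: "<timestamp> <source> <destination[:port]> <action>"
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 updates.example.com:443 allow
2024-01-01T10:00:02 10.0.0.5 203.0.113.45:443 allow
2024-01-01T10:00:03 10.0.0.7 10.0.0.20:445 allow
2024-01-01T10:00:04 10.0.0.5 [2001:db8::1]:80 allow
2024-01-01T10:00:05 10.0.0.9 cdn.example.net allow
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<action>\S+)$")

# Ranges treated as internal (assumed for this example; tune to your own address plan)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def split_host_port(dst: str) -> str:
    """Return the host part of 'host[:port]', handling bracketed IPv6 ([v6]:port)."""
    if dst.startswith("["):
        return dst[1:dst.index("]")]
    host, sep, port = dst.rpartition(":")
    # Only treat the suffix as a port for hostnames/IPv4 (a single colon);
    # an unbracketed IPv6 literal contains several colons and is returned whole.
    if sep and port.isdigit() and ":" not in host:
        return host
    return dst


def is_ip_literal(host: str) -> bool:
    """True when the destination is an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_bare_ip_destinations(log_text: str, ignore_internal: bool = True) -> list:
    """Return records for connections whose destination is a raw IP address.
    Internal ranges are skipped by default so alerts focus on Internet egress."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        host = split_host_port(m["dst"])
        if not is_ip_literal(host):
            continue
        addr = ipaddress.ip_address(host)
        if ignore_internal and any(addr in net for net in INTERNAL_NETS):
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "dst": host, "action": m["action"]})
    return hits
```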