SolarMarker Jupyter Infostealer Backdoor malware extravaganza

We recently discovered a PC attempting to contact an odd IP Address and our firewall caught it and blocked it due to a "No IP format" rule we have. After this we noticed Bitdefender was picking up some .ps1 files. After researching a bit... This was the Jupyter Infostealer, SolarMarker and it was on stage 3/4 of its cycle. Although this threat seems to be very good at remaining hidden, there are fingerprints left by it that could be used as indicators of infection. Is there a way to leverage Bitdefender against this threat by monitoring for certain file names, reg entries, hash executions?

Find more posts tagged with

Comments

Mike_BD

Hi @WindowsPretender ,

That's a nice bit of info shared right here. Thank you for your suggestion, I'll pass this on to the info-sec team.

cheers,

Mike

Mike_BD

Hello @WindowsPretender ,

To your question directly, that would be our EDR product: https://www.bitdefender.com/business/enterprise-products/endpoint-detection-response.html.

What solution are you using?

cheers,

Mike