UnixStealer
UnixStealer (labeled as MB: a310Logger) is a .NET infostealer that leaks data via Discord webhook and Telegram Bot API. Targets: Chrome/Edge/Brave passwords, Telegram Desktop session, Steam account, Bitcoin Core wallet.dat. Developer: brtig (PDB leak).
Threat Profile
Type: Infostealer
Programming Language: C#/.NET
C2 Protocol: Discord Webhook/Telegram
First Seen: 2023
Targets: Global, Individual
Purpose / Capabilities:
- Credential+Crypto Theft
C2 Servers: 3 (2 Active)
| Address | Description | Port | Protocol | Status |
|---|---|---|---|---|
| api.vimeworld.ru | Russian Minecraft API dead drop (VimeWorld, UnixStealer) | 443 | HTTPS | Active |
| api.telegram.org | Telegram Bot API C2 notification (UnixStealer) | 443 | HTTPS | Active |
| discord.com/api/webhooks/1447625794359922871/P8qhcUhcDIHUGD1nOnDph6_jiieLZ1Pb53vxaOsrZQ6tHyNyb7SSCwCX0JcaaQZucT3f | Cleartext Discord webhook — data exfiltration channel (UnixStealer) | - | HTTPS | INACTIVE |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
UnixStealer (a310Logger) — Discord Webhook Data Exfiltration, Telegram Bot C2, brtig PDB Developer Trace | Critical
UnixStealer (a310Logger). Cleartext data exfiltration via Discord webhook, Telegram Bot C2, Steam/crypto targets. brtig developer trace in the PDB.