UnixStealer

UnixStealer (labeled by MB as a310Logger) is a .NET infostealer that exfiltrates stolen data through a Discord webhook and the Telegram Bot API. Targets: Chrome/Edge/Brave saved passwords, Telegram Desktop session files, the Steam account, and the Bitcoin Core wallet.dat. Developer: brtig (attributed from a PDB path leaked in the binary).

Threat Profile
Type: Infostealer
Programming Language: C#/.NET
C2 Protocol: Discord Webhook / Telegram
First Seen: 2023
Targets: Global, Individual
Purpose / Capabilities:
  • Credential + Crypto Theft

C2 Servers: 3 (2 active)

Address: api.vimeworld.ru
Role: Russian Minecraft API used as a dead drop (VimeWorld, UnixStealer)
Port / Protocol / Status: 443 / HTTPS / Active

Address: api.telegram.org
Role: Telegram Bot API C2 notification (UnixStealer)
Port / Protocol / Status: 443 / HTTPS / Active

Address: discord.com/api/webhooks/1447625794359922871/P8qhcUhcDIHUGD1nOnDph6_jiieLZ1Pb53vxaOsrZQ6tHyNyb7SSCwCX0JcaaQZucT3f
Role: Cleartext Discord webhook used as the data exfiltration channel (UnixStealer)
Port / Protocol / Status: - / HTTPS / Inactive

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

Critical

UnixStealer (a310Logger) — Discord Webhook Data Exfiltration, Telegram Bot C2, brtig PDB Developer Trace | Critical

UnixStealer (a310Logger). Cleartext data exfiltration via Discord webhook, Telegram Bot C2, Steam and crypto wallets targeted. Developer trace "brtig" recovered from the PDB path.
