PennyWise Stealer - Update on rules

Pennywise stealer is still being used actively on YouTube malware campaigns but i cant find any ET rule detection although im aware some rules were written in the past. Maybe an update is needed to these new variants.

Some new & recent detonations

Actually only some generic Outbound POST Request rules are being pushed

Thanks!

hey @g0njxa, I’ll take a look at these today and let you know what I find

2046957 - ET MALWARE PennyWise Stealer Data Exfil M4

Have a great weekend!