{
	"id": "0f78bc2a-25d8-440f-bade-b723cf401971",
	"created_at": "2026-04-06T00:06:23.962707Z",
	"updated_at": "2026-04-10T03:36:48.422369Z",
	"deleted_at": null,
	"sha1_hash": "46dbcf2fbc5afb76c177d8846bf78352b9e1d318",
	"title": "GitHub - 0day2/SapphireStealer: A simple stiller with sending logs to your EMAIL, in case of inactivity, write to me in Discord- R3VENGE#1539",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 79490,
	"plain_text": "GitHub - 0day2/SapphireStealer: A simple stiller with sending logs\r\nto your EMAIL, in case of inactivity, write to me in Discord-R3VENGE#1539\r\nBy 0day2\r\nArchived: 2026-04-05 15:11:12 UTC\r\nSkip to content\r\nNavigation Menu\r\nAI CODE CREATION\r\nGitHub CopilotWrite better code with AI\r\nGitHub SparkBuild and deploy intelligent apps\r\nGitHub ModelsManage and compare prompts\r\nMCP RegistryNewIntegrate external tools\r\nView all features\r\nPricing\r\nSign up\r\nNotifications\r\nFork 10\r\nStar 61\r\nREADME\r\nSapphireStealer\r\nhttps://github.com/0day2/SapphireStealer/\r\nPage 1 of 3\n\nA simple stiller with sending logs to your EMAIL, in case of inactivity, write to me\r\nin Discord- R3VENGE#1539 or Telegram- https://t.me/hvcd222\r\nIt is written entirely in C# using DotNetZip In case of questions in terms of setting\r\nup the stealer, comments are attached in the source code. Setting up sending logs\r\n(to, from) in the SendLogs.cs file\r\nSupported browsers: Chromium(maybe this list will be replenished over time)\r\n•Version 1.0\r\n•Author: r3vengerx0\r\nAbout\r\nA simple stiller with sending logs to your EMAIL, in case of inactivity, write to me in Discord- R3VENGE#1539\r\nResources\r\nReadme\r\nActivity\r\nhttps://github.com/0day2/SapphireStealer/\r\nPage 2 of 3\n\nStars\r\n61 stars\r\nWatchers\r\n2 watching\r\nForks\r\n10 forks\r\nSource: https://github.com/0day2/SapphireStealer/\r\nhttps://github.com/0day2/SapphireStealer/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/0day2/SapphireStealer/"
	],
	"report_names": [
		"SapphireStealer"
	],
	"threat_actors": [
		{
			"id": "9f101d9c-05ea-48b9-b6f1-168cd6d06d12",
			"created_at": "2023-01-06T13:46:39.396409Z",
			"updated_at": "2026-04-10T02:00:03.312816Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"CHROMIUM",
				"ControlX",
				"TAG-22",
				"BRONZE UNIVERSITY",
				"AQUATIC PANDA",
				"RedHotel",
				"Charcoal Typhoon",
				"Red Scylla",
				"Red Dev 10",
				"BountyGlad"
			],
			"source_name": "MISPGALAXY:Earth Lusca",
			"tools": [
				"RouterGod",
				"SprySOCKS",
				"ShadowPad",
				"POISONPLUG",
				"Barlaiy",
				"Spyder",
				"FunnySwitch"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "18a7b52d-a1cd-43a3-8982-7324e3e676b7",
			"created_at": "2025-08-07T02:03:24.688416Z",
			"updated_at": "2026-04-10T02:00:03.734754Z",
			"deleted_at": null,
			"main_name": "BRONZE UNIVERSITY",
			"aliases": [
				"Aquatic Panda",
				"Aquatic Panda ",
				"CHROMIUM",
				"CHROMIUM ",
				"Charcoal Typhoon",
				"Charcoal Typhoon ",
				"Earth Lusca",
				"Earth Lusca ",
				"FISHMONGER ",
				"Red Dev 10",
				"Red Dev 10 ",
				"Red Scylla",
				"Red Scylla ",
				"RedHotel",
				"RedHotel ",
				"Tag-22",
				"Tag-22 "
			],
			"source_name": "Secureworks:BRONZE UNIVERSITY",
			"tools": [
				"Cobalt Strike",
				"Fishmaster",
				"FunnySwitch",
				"Spyder",
				"njRAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "6abcc917-035c-4e9b-a53f-eaee636749c3",
			"created_at": "2022-10-25T16:07:23.565337Z",
			"updated_at": "2026-04-10T02:00:04.668393Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"Bronze University",
				"Charcoal Typhoon",
				"Chromium",
				"G1006",
				"Red Dev 10",
				"Red Scylla"
			],
			"source_name": "ETDA:Earth Lusca",
			"tools": [
				"Agentemis",
				"AntSword",
				"BIOPASS",
				"BIOPASS RAT",
				"BadPotato",
				"Behinder",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"Doraemon",
				"FRP",
				"Fast Reverse Proxy",
				"FunnySwitch",
				"HUC Port Banner Scanner",
				"KTLVdoor",
				"Mimikatz",
				"NBTscan",
				"POISONPLUG.SHADOW",
				"PipeMon",
				"RbDoor",
				"RibDoor",
				"RouterGod",
				"SAMRID",
				"ShadowPad Winnti",
				"SprySOCKS",
				"WinRAR",
				"Winnti",
				"XShellGhost",
				"cobeacon",
				"fscan",
				"lcx",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d53593c3-2819-4af3-bf16-0c39edc64920",
			"created_at": "2022-10-27T08:27:13.212301Z",
			"updated_at": "2026-04-10T02:00:05.272802Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"Earth Lusca",
				"TAG-22",
				"Charcoal Typhoon",
				"CHROMIUM",
				"ControlX"
			],
			"source_name": "MITRE:Earth Lusca",
			"tools": [
				"Mimikatz",
				"PowerSploit",
				"Tasklist",
				"certutil",
				"Cobalt Strike",
				"Winnti for Linux",
				"Nltest",
				"NBTscan",
				"ShadowPad"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775433983,
	"ts_updated_at": 1775792208,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/46dbcf2fbc5afb76c177d8846bf78352b9e1d318.pdf",
		"text": "https://archive.orkl.eu/46dbcf2fbc5afb76c177d8846bf78352b9e1d318.txt",
		"img": "https://archive.orkl.eu/46dbcf2fbc5afb76c177d8846bf78352b9e1d318.jpg"
	}
}