{
	"id": "6d0fcc45-b928-4bf0-876c-006dfe190a4a",
	"created_at": "2026-04-06T01:32:39.52656Z",
	"updated_at": "2026-04-10T03:20:04.535887Z",
	"deleted_at": null,
	"sha1_hash": "90412e5d9ff87e50cabe1054243a32bb3959bfcb",
	"title": "Bofamet Stealer malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31107,
	"plain_text": "Bofamet Stealer malware\r\nArchived: 2026-04-06 00:44:48 UTC\r\nBofamet is a new Python-based infostealer found in the wild. The malware collects miscellaneous information\r\nfrom the compromised endpoints including: credentials, system information, browser cookies, Telegram session\r\ndata, Discord tokens, screenshots, Steam configuration files, etc. The collected data is exfiltrated back to the\r\nattackers with help of a Telegram bot.\r\nSymantec protects you from this threat, identified by the following:\r\nAdaptive-based\r\nACM.Untrst-RunSys!g1\r\nBehavior-based\r\nSONAR.Stealer!gen1\r\nSONAR.TCP!gen6\r\nCarbon Black-based\r\nAssociated malicious indicators are blocked and detected by existing policies within VMware Carbon\r\nBlack products. The recommended policy at a minimum is to block all types of malware from executing\r\n(Known, Suspect, and PUP) as well as delay execution for cloud scan to get maximum benefit from\r\nVMware Carbon Black Cloud reputation service.\r\nFile-based\r\nInfostealer\r\nTrojan.Gen.MBT\r\nWS.Malware.1\r\nSource: https://www.broadcom.com/support/security-center/protection-bulletin/bofamet-stealer-malware\r\nhttps://www.broadcom.com/support/security-center/protection-bulletin/bofamet-stealer-malware\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.broadcom.com/support/security-center/protection-bulletin/bofamet-stealer-malware"
	],
	"report_names": [
		"bofamet-stealer-malware"
	],
	"threat_actors": [],
	"ts_created_at": 1775439159,
	"ts_updated_at": 1775791204,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/90412e5d9ff87e50cabe1054243a32bb3959bfcb.pdf",
		"text": "https://archive.orkl.eu/90412e5d9ff87e50cabe1054243a32bb3959bfcb.txt",
		"img": "https://archive.orkl.eu/90412e5d9ff87e50cabe1054243a32bb3959bfcb.jpg"
	}
}