{
	"id": "4d78bf43-06e4-4fdb-b4f0-8a8fe82f76ba",
	"created_at": "2026-04-06T00:17:07.956486Z",
	"updated_at": "2026-04-10T03:21:37.1298Z",
	"deleted_at": null,
	"sha1_hash": "ac8196b7bef31d8fa9e5a77f784cfae487be9dc2",
	"title": "EternityTeam: a new prominent threat group on underground forums",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 697829,
	"plain_text": "EternityTeam: a new prominent threat group on underground\r\nforums\r\nBy Quentin Bourgue\u0026nbsp;and\u0026nbsp;Sekoia TDR\r\nPublished: 2022-05-17 · Archived: 2026-04-05 17:30:24 UTC\r\nThis blog post on EternityTeam originally came from a FLINT (Sekoia.io Flash Intelligence) report sent to our\r\nclients on April 12, 2022.\r\nTable of contents\r\nEternityTeam activity on underground forums\r\nEternity’s malware catalog\r\nFocus on the Eternity Stealer\r\nIOCs \u0026 Technical Details\r\nDuring our monitoring of Dark Web cybercrime forums, we came across EternityTeam: a new active and\r\norganized threat group that is developing and advertising several malware. We have identified different pieces of\r\nmalware related to this group: Eternity Stealer, Eternity Worm, Eternity Miner, Eternity Clipper, Eternity Botnet,\r\nand Eternity Ransomware.\r\nThere are several reasons to believe that the EternityTeam could become a prominent malware seller and that their\r\nmalware could spread in the wild:\r\ntheir malware software capability;\r\ntheir presence on numerous underground forums;\r\ntheir effort invested in the marketing;\r\nthe number of Eternity Stealer samples identified by SEKOIA.IO in the wild;\r\nthe “project” of the Eternity threat group has been “verified and approved” by the administrators of several\r\ncybercrime forums in early February 2022, as a guarantee of the worthiness of the products they sell.\r\nhttps://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/\r\nPage 1 of 10\n\nFigure 1. Eternity’s malware catalog advertised on their Telegram channel\r\nIn this blog post, we describe the activities on underground forums of EternityTeam members, share an overview\r\nof the different malware and present a quick analysis of the Eternity Stealer that appears to be their best-selling\r\nmalware. \r\nEternityTeam is a group that develops and sells different malware since at least January 2022. 
The threat group is\r\npresent on numerous Russian-speaking underground forums, such as XSS, UfoLabs, BHF, RuTOR, SkyNetZone,\r\nDarkClub, and others, where they advertise and sell their malware.\r\nWe noticed that several profiles are selling the EternityTeam malware, for example:\r\nUnderD0g advertises all products on the UfoLabs forum with the Telegram channel (t[.]me/EternityTeam)\r\nof EternityTeam. It is interesting to note that UnderD0g has a profile on the XSS forum but has not\r\nused it to communicate about Eternity activities.\r\nNeizvestnost74 advertises, with its own Telegram profile, all the products (except the worm) on XSS,\r\nUfoLabs and BHF forums, among many others. The threat actor has been on the hacking forum scene since at\r\nleast 2019, selling dedicated servers and malware, or buying brute force services.\r\nEternityTeam is a recent profile that has only advertised the Eternity Stealer and the Eternity Worm on\r\nseveral forums.\r\nCyberSurprice advertises the information stealer on numerous forums. Like EternityTeam, this profile seems to\r\nhave been created for the purposes of the Eternity projects.\r\nAll profiles are responsive to questions from potential or current clients, either on technical (detection) or business\r\nissues. The group members communicate in Russian (mainly) and English.\r\nIn addition to this, EternityTeam maintains a Telegram channel (t[.]me/s/EternityMalware), an .onion website\r\n(malwarewrn7fvd7zq243d74dxs3ca4wh5kw6i2opkzeusuoajtd2j5yd[.]onion) and a GitHub repository\r\n(github[.]com/L1ghtM4n) in which they share details, videos, and updates about all the malware in their catalog.\r\nIn the light of the above, we can assume that EternityTeam is a new group of several threat actors familiar with\r\nthe cybercrime ecosystem. 
They surely started their business for financial gain.\r\nEternity’s malware catalog\r\nThe Eternity information stealer, advertised as the Eternity Stealer or Eternity Project, is the one that attracts\r\nthe most interest on forums. More details on this malware are given in the following part.\r\nFigure 2. Eternity Stealer advertisement published on several underground forums\r\nThe Eternity Miner is sold for $110. It aims to mine Monero cryptocurrency on Windows hosts. The malware\r\nimplements several defense evasion techniques, such as masquerading as a system process, hiding from the task\r\nmanager, preventing hibernation, and persistence.\r\nThe Eternity Clipper substitutes the cryptocurrency wallet address of the intended recipient with that of the\r\nattacker. It is sold for $99.\r\nThe Eternity Botnet (also named Eternity Dropper) allows an attacker to perform DDoS attacks using different\r\nmethods (HTTP, TCP Flood or UDP Flood), and to drop files on the infected host using UAC bypass. The agent\r\nbuilder and the administration panel are sold for $150 a month.\r\nThe Eternity Worm is able to spread itself over documents, USB, Cloud, and Discord. The price for Eternity\r\nWorm is $300 and the source price is $1200.\r\nFigure 3. Eternity Worm advertisement published on several underground forums\r\nThe Eternity Ransomware is only advertised on their Telegram channel. According to EternityTeam’s\r\ndescription, it is a generic ransomware that encrypts all documents, photos, databases on disks, local shares, USB\r\ndrives, removes system restore points and deletes shadow copies, among other classic features.\r\nFocus on the Eternity Stealer\r\nAs mentioned in the introduction, we discovered the threat group, and its malware catalog, in February 2022,\r\nshortly after its emergence, during our Dark Web monitoring. 
We managed to find a sample of Eternity Stealer on\r\na file-sharing platform, and we quickly analyzed it.\r\nEternity Stealer is a complete information stealer written in .NET and sold under the malware-as-a-service model\r\nfor $99 per month. The malware targets personal information from:\r\nseveral browsers (passwords, cookies, credit cards, autofill data, history, and bookmarks);\r\nbrowser cryptocurrency extensions;\r\ncryptocurrency wallets;\r\nnumerous applications (password managers, messengers, VPN and FTP clients, and gaming software).\r\nWe found that Eternity Stealer is able to steal credentials of Growtopia accounts. Growtopia is a game with almost\r\nendless possibilities for world creation, developed by the French video game company Ubisoft. This stealing\r\ncapability echoes the profitable and illegal business of Roblox (a mega-popular gaming platform) account theft,\r\noften targeting young players. As mentioned in a Vice article, attackers stole over ten thousand dollars’ worth of\r\nvirtual items in a few minutes. Information stealers targeting video game accounts are not a new trend, but the trend\r\nappears to be on the rise lately. This business can be very lucrative as huge virtual markets exist for many video games,\r\nand the targeted users are often young and not very careful concerning cyber risks.\r\nInvestigating Eternity Stealer samples confirms this trend. Indeed, we found some samples distributed as a glitch\r\nprogram for Growtopia (“Growtopia Growtoken Glitch 3.82+.exe”), or a cracked version of Growtopia\r\n(“Growtopia_Hack_3.82.exe”).\r\nRegarding data exfiltration, Eternity Stealer sends the stolen data to the EternityTeam servers via HTTPS POST\r\nrequests. 
Data is then redirected to the attacker on its Telegram bot.\r\nSEKOIA.IO Threat \u0026 Detection Research Team will continue to monitor EternityTeam activities, as well as\r\ntheir malware catalog to provide contextualized and actionable intelligence on these threats.\r\nIn conclusion, information from our Dark Web monitoring is a data source in its own right. The results allow us\r\nto identify trends and emerging threats. SEKOIA.IO analysts then make this information actionable for our\r\nclients.\r\nDiscover some of our previous investigations about other information stealers such as Mars Stealer or how\r\nransomware groups weaponize such tools, as was the case with Spook leveraging the Thanos builder.\r\nIOCs \u0026 Technical Details\r\nEternity Stealer C2 servers:\r\neterprx[.]net\r\neternitypr[.]net\r\nEternity Stealer SHA-256 hashes:\r\nYARA rule\r\nimport \"pe\"\r\nrule infostealer_win_eternity {\r\n meta:\r\n malware = 
\"Eternity Stealer\"\r\n description = \"Identify Eternity Stealer samples based on specific strings \\\\\r\n or PE section names\"\r\n source = \"SEKOIA.IO\"\r\n classification = \"TLP:WHITE\"\r\n \r\n strings:\r\n $str0 = \"Sending info to Eternity..\" wide\r\n $str1 = \"Debug mode, dont share this stealer anywhere.\" wide\r\n $str2 = \"\\\\Growtopia.exe\" wide\r\n $str3 = \"Software\\\\Growtopia\" wide\r\nhttps://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/\r\nPage 9 of 10\n\n$str4 = \"Corrupting Growtopia..\" wide\r\n $str5 = \"Disabling Task Manager..\" wide\r\n $str6 = \"Deleting previous file from startup and copying new one.\" wide\r\n $str7 = \"Hiding file in Startup folder..\" wide\r\n $str8 = \"Initializing File watcher..\" wide\r\n $str9 = \"Decoder: Failed to delete temp login. No problem, continuing..\" wide\r\n $str10 = \"dcd.exe\" wide\r\n \r\n condition:\r\n uint16(0)==0x5A4D and\r\n (for any i in (0..pe.number_of_sections-1): ( pe.sections[i].name == \".eter0\" ) and\r\n for any i in (0..pe.number_of_sections-1): ( pe.sections[i].name == \".eter1\" )) or\r\n 6 of ($str*)\r\n}\r\nThank you for reading this article. You can also read our article on:\r\nChat with our team!\r\nWould you like to know more about our solutions?\r\nDo you want to discover our XDR and CTI products?\r\nDo you have a cybersecurity project in your organization?\r\nMake an appointment and meet us!\r\nDiscover our:\r\nCyber Threat Intelligence platform\r\nXDR platform\r\nSOC platform\r\nTools for SOC analyst\r\nSIEM solution\r\nCTI Cybercrime Dark Web Stealer\r\nShare this post:\r\nSource: https://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/\r\nhttps://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/\r\nPage 10 of 10",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://blog.sekoia.io/eternityteam-a-new-prominent-threat-group-on-underground-forums/"
	],
	"report_names": [
		"eternityteam-a-new-prominent-threat-group-on-underground-forums"
	],
	"threat_actors": [],
	"ts_created_at": 1775434627,
	"ts_updated_at": 1775791297,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ac8196b7bef31d8fa9e5a77f784cfae487be9dc2.pdf",
		"text": "https://archive.orkl.eu/ac8196b7bef31d8fa9e5a77f784cfae487be9dc2.txt",
		"img": "https://archive.orkl.eu/ac8196b7bef31d8fa9e5a77f784cfae487be9dc2.jpg"
	}
}