Unexpected outbound network connections to unknown IP addresses.
New, suspicious entries in the Windows folder or Registry Run keys. 🛠️ Mitigation & Safety If you have encountered this file: Do not extract or run the contents of the archive. Quarantine/Delete the file immediately. Run a Full Scan with a reputable antivirus provider. HIVERAT.rar
Specifically targets browser-stored credentials and messaging client data, such as Discord tokens. Quarantine/Delete the file immediately
I can provide more specific details if you have a of your specific sample or if you'd like to see a list of common file paths it uses for persistence. Would you like a list of detection rules (like Sigma or Yara) for this threat? New Families and Detection Updates - Hatching Triage I can provide more specific details if you
Reads the computer name and system information to identify the target.