InvisibleFerret Threat Intelligence Report

2025-07-26 Bloo

https://bloo.io/research/malware/invisibleferret


InvisibleFerret is described as a Python-based backdoor used by Lazarus Group or Famous Chollima in Contagious Interview operations against developers, cryptocurrency workers, finance targets, and other technology professionals. The infection chain relies on fake recruiters, job offers, malicious npm packages, or trojanized installers, then uses cross-platform Python components on Windows, Linux, and macOS. Its capabilities include host fingerprinting, browser credential theft, file scanning, keylogging, clipboard monitoring, encrypted or obfuscated communications, and AnyDesk installation for persistent remote access. The excerpt provides hashes, file paths, registry artifacts, and C2 addresses on uncommon ports such as 1224, 1244, and 1245, giving defenders concrete detection points for developer workstations and supply-chain exposure.

Indicators of Compromise

Type   Value                                 First Seen   Last Seen
IPv4   95.164.17.24                          2024-07-15   2026-04-01
IPv4   147.124.214.129                       2024-05-10   2026-02-03
IPv4   185.235.241.208                       2024-08-13   2025-11-13
URL    https://www.travismathison.com/…      2025-07-26   2025-07-26
HASH   2012f6f7d8add86ebbc662981583255…      2025-05-09   2025-07-26
HASH   6a104f07ab6c5711b6bc8bf6ff956ab…      2024-10-23   2025-07-26
IPv4   95.164.7.171                          2024-10-14   2025-07-26
HASH   10f86be3e564f2e463e45420eb5f9fb…      2024-10-09   2025-07-26
HASH   07183a60ebcb02546c53e82d92da3dd…      2024-10-09   2025-07-26
IPv4   173.211.106.101                       2024-04-25   2025-07-26

Related Actors

Related Reports

2025-08-25 • 48% Match
#Lazarus #GolangGhost #T1059.003 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1071.001 #T1115 #T1083 #T1056.001 #T1204.002 #T1566.002 #T1555.003 #T1057 #T1059.005 #T1518.001 #T1566.001 #T1547.001 #T1059.001 #T1497.001 #T1219 #T1574.002 #T1562.001 #T1622 #T1027.002 #T1573.001 #T1190 #T1123 #T1132.002 #T1564.001 #T1548.002 #T1055.012 #T1027.007 #T1217 #T1106 #T1027.009 #T1036.003 #T1055.002 #T1036.007 #T1059.010 #T1136.001 #T1134.004 #T1614.001 #T1574.007 #T1098.007 #T1010 #T1071.004 #T1021.002 #T1021.006
Shares tags: T1059.003, T1041, T1071.001 • Same author: Bloo • Published within a month
2025-08-13 • 45% Match
#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1218.010 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1573 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004
Shares tags: T1082, T1059.003, T1567.002 • Published within a month