WhiteSnake Stealer is a .NET stealer family referenced here through code-lineage overlap: the analyzed content states that the Stub.* namespace and class structure are consistent with multiple .NET stealer codebases sharing common lineage, including WhiteSnake Stealer forks and derivatives. The same content also explicitly notes that Phantom Stealer appears to be a distinct product with its own development cycle. Based on the provided material, the high-confidence characterization is therefore limited to WhiteSnake Stealer being part of a broader .NET infostealer lineage from which related forks and derivatives exist. No direct, malware-specific details on WhiteSnake Stealer’s own infection chain, capabilities, persistence, exfiltration methods, targeted sectors, associated threat actors, or indicators of compromise are provided in the content.
2 sources tracked across advisories, community write-ups, and news.
Referenced as part of the broader .NET stealer ecosystem and possible code lineage for Phantom Stealer, with similar module naming conventions and implementation patterns.
Referenced as a related .NET stealer lineage whose forks and derivatives share structural similarities with Phantom Stealer, including module naming conventions and implementation patterns.