Solarmarker: By Any Other Name (Mars-Deimos part 3)
ID: 2d9ea6dc-281e-56aa-8c7a-da0eef72e7bd
STIX ID: report--2d9ea6dc-281e-56aa-8c7a-da0eef72e7bd
Feed Name: Binary Defense Blog
Solarmarker (also known as JupyterInfostealer/YellowCockatoo) is an actively evolving infostealer/backdoor campaign. This report catalogs recent changes in persistence, obfuscation, packaging (a shift from .exe to .msi) and hardcoded C2s (including ASN trends), lists sample SHA256s, and provides detection guidance (a YARA rule plus registry and network hunting queries) together with distribution observations (Freenom domains, Blogspot).
