In the spirit of #100DaysOfYara, I've been working on a simple rule for a malware family I'm tracking, OriginBotnet. OriginBotnet is a lightweight, modular offshoot of AgentTesla. I'll likely share the rule later on my Git - for now you all just get the screenshot 🤓
5 Oct 2023
#xkeybot #malware Email Swift Payment delivering #originbotnet Attachment: Swift.gz (c079296024238f82b1a019c712f5b8a6) -> Swift.exe (ce79ff49e2442108fb4eb3654d23dbad) veit-intl.]com/gate c2: veit-intl.]com (199.188.200.]87) @namecheap see: tria.ge/231005-3vdgnaaa62/be…
25 Sep 2023
.@FortiGuardLabs recently provided a technical breakdown of a #phishing campaign, which drops #malware strains such as RedLine Clipper, Agent Tesla, and #OriginBotnet onto a victim's device. 🎣 Learn more about how this attack is deployed: ftnt.net/6018uE1Vr via @SCMagazine
🎣#FortiGuardLabs recently provided a technical breakdown of a #phishing campaign, which drops #malware strains such as RedLine Clipper, Agent Tesla, and #OriginBotnet onto a victim's device 👉 ftnt.net/6015uEDrJ via @SCMagazine
24 Sep 2023
#malware #opendir on zzlsteel[.]cc serving malware, notably #OriginBotnet / #XKeyBot which calls out to C2: nitrosoftwares[.]shop Both domains registered @namecheap Other C2 registered via @namecheap : ltm-canada.]com/login/ turinapparrels.]com/login/
Looks like it's a newer build of XKeyBot. Anyway, the XKeyBot name is still better to use I think, as there is already an Origin-named malware (previously Agent Tesla), which as you know some idiots call a botnet too, so the OriginBotnet name for XKeyBot would cause confusion for some...
17 Sep 2023
Seems #XKeyBot = #OriginBotnet #malware unpacked sample with string OriginBotnet here: unpac.me/results/33878a26-4a… Got me on Google, to find a 6 days old article by @Fortinet : fortinet.com/blog/threat-res… Third payload named after namespace. Same C2 panel.
28 Jul 2023
For those that want to name/reverse a malware: Unknown #malware to me Unknown C2 Panel to me evensayers.]com[.au/gate evensayers.]com[.au/login/ MD5: ecfb74b93750609b906f519809d45556 tria.ge/230728-zryfwaac8y/be… cc: @Gi7w0rm @executemalware @malwrhunterteam
17 Sep 2023
Beware of the latest phishing attack! Attackers are using Microsoft Word docs to spread malware like Agent Tesla, OriginBotnet, and RedLine Clipper. Learn more about this threat: thehackernews.com/2023/09/so…
16 Sep 2023
.@FortiGuardLabs researchers are sounding a "critical severity" alarm over a malicious Microsoft Word document that packs malware strains RedLine Clipper, Agent Tesla and OriginBotnet. #cybersecurity #infosec #ITsecurity bit.ly/46cBHEF
14 Sep 2023
#cybercrime: #phishing campaign carries #OriginBotnet, #RedLineClipper and #AgentTesla. @Fortinet #CyberSecurity experts: A word points to a link that downloads the loader. This then installs and executes the 3 #Malware. #infosec difesaesicurezza.com/en/defe…
#cybercrime: #phishing campaign delivers #OriginBotnet, #RedLine Clipper and #AgentTesla. @Fortinet #CyberSecurity experts: A Word document points to a link that downloads the loader. This then installs and executes the three #Malware. #infosec difesaesicurezza.com/cyber/c…
13 Sep 2023
💻🔒 Beware of the latest phishing attack! Attackers are using #Microsoft Word docs to spread #malware like Agent Tesla, OriginBotnet, and RedLine Clipper. thehackernews.com/2023/09/so… #cybersecurity #informationsecurity
New research details a multi-faceted phishing campaign that deploys #MicrosoftWord documents to disseminate three distinct #malware strains—RedLine Clipper, Agent Tesla, and OriginBotnet. therecord.media/phishing-cam…
12 Sep 2023
Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper thehackernews.com/2023/09/so…
12 Sep 2023
OriginBotnet malware is spreading via malicious Word documents, according to a Fortinet report. It simultaneously attempts input-data theft with OriginBotnet, cryptocurrency theft with RedLine Clipper, and sensitive-information collection with Agent Tesla. The loader is padded to 400 MB with null bytes to evade detection. fortinet.com/blog/threat-res…