Tool: PsiXBot| Names | PsiXBot | |
| Category | Malware | |
| Type | Backdoor, Keylogger, Credential stealer, Info stealer, Downloader, Miner | |
| Description | (Fox-IT) The malware first surfaced in 2017 but has recently undergone significant developments of its core and modules, which include the logging of keystrokes and stealing of Outlook and browser credentials. With these new developments done and the first large scale distributions observed in the wild, PsiXBot has officially made its debut in the malware ecosystem. The commands currently supported are: • Download • DownloadAndExecute • Execute • GetInstalledSoft • GetKeylogs • GetOutlook • GetProcessesList • GetScreenShot • GetSteallerCookies • GetSteallerPasswords • StartAndroidModule • StartBTC • StartComplexModule • StartKeylogger • StartNewComplexModule • StartSchedulerModule • StopProcess | |
| Information | <https://blog.fox-it.com/2019/03/27/psixbot-the-evolution-of-a-modular-net-bot/> <https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.psix> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:psixbot> | |
Last change to this tool card: 29 April 2020
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
Other groups | |||||
| TA554 | [Unknown] | 2017 | |||
1 group listed (0 APT, 1 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |