SYMBOLCOMMON_NAMEaka. SYNONYMS
win.psix (Back to overview)

PsiX

aka: PsiXBot

According to Matthew Mesa, this is a modular bot. The name stems from the string PsiXMainModule in binaries until mid of September 2018.

In binaries, apart from BotModule and MainModule, references to the following Modules have be observed:
BrowserModule
BTCModule
ComplexModule
KeyLoggerModule
OutlookModule
ProcessModule
RansomwareModule
SkypeModule

References
2022-08-08Medium CSIS TechblogBenoît Ancel
@online{ancel:20220808:inside:67ef9a0, author = {Benoît Ancel}, title = {{An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure}}, date = {2022-08-08}, organization = {Medium CSIS Techblog}, url = {https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145}, language = {English}, urldate = {2022-08-28} } An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader
2020-11-03ComodoComodo
@online{comodo:20201103:versions:1db9572, author = {Comodo}, title = {{Versions of PsiXBot}}, date = {2020-11-03}, organization = {Comodo}, url = {https://blog.comodo.com/comodo-news/versions-of-psixbot/}, language = {English}, urldate = {2022-11-28} } Versions of PsiXBot
PsiX
2019-09-06ProofpointProofpoint Threat Insight Team
@online{team:20190906:psixbot:7f87948, author = {Proofpoint Threat Insight Team}, title = {{PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module}}, date = {2019-09-06}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module}, language = {English}, urldate = {2019-12-20} } PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module
PsiX
2019-09-05Twitter (@seckle_ch)Daniel Stirnimann
@online{stirnimann:20190905:doh:cdd8e54, author = {Daniel Stirnimann}, title = {{Tweet on DoH}}, date = {2019-09-05}, organization = {Twitter (@seckle_ch)}, url = {https://twitter.com/seckle_ch/status/1169558035649433600}, language = {English}, urldate = {2020-01-06} } Tweet on DoH
PsiX
2019-08-12ProofpointProofpoint Threat Insight Team
@online{team:20190812:psixbot:14fd373, author = {Proofpoint Threat Insight Team}, title = {{PsiXBot Continues to Evolve with Updated DNS Infrastructure}}, date = {2019-08-12}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/psixbot-continues-evolve-updated-dns-infrastructure}, language = {English}, urldate = {2019-12-20} } PsiXBot Continues to Evolve with Updated DNS Infrastructure
PsiX
2019-03-27Fox-ITStefano Antenucci, Antonio Parata
@online{antenucci:20190327:psixbot:9e1a258, author = {Stefano Antenucci and Antonio Parata}, title = {{PsiXBot: The Evolution Of A Modular .NET Bot}}, date = {2019-03-27}, organization = {Fox-IT}, url = {https://blog.fox-it.com/2019/03/27/psixbot-the-evolution-of-a-modular-net-bot/}, language = {English}, urldate = {2019-10-12} } PsiXBot: The Evolution Of A Modular .NET Bot
PsiX
2018-08-30Twitter (@mesa_matt)Matthew Mesa
@online{mesa:20180830:psix:18563f6, author = {Matthew Mesa}, title = {{Tweet on PsiX}}, date = {2018-08-30}, organization = {Twitter (@mesa_matt)}, url = {https://twitter.com/mesa_matt/status/1035211747957923840}, language = {English}, urldate = {2019-12-06} } Tweet on PsiX
PsiX

There is no Yara-Signature yet.