SYMBOLCOMMON_NAMEaka. SYNONYMS
win.xenorat (Back to overview)

XenoRAT


There is no description at this point.

References
2024-12-14Axel's IT Security ResearchAxel Mahr
How to Identify XenoRAT C2 Servers
XenoRAT
2024-11-19Hunt.ioHunt.io
XenoRAT Adopts Excel XLL Files and ConfuserEx as Access Method
XenoRAT
2024-08-21Cisco TalosAsheer Malhotra, Guilherme Venere, Vitor Ventura
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
MoonPeak XenoRAT UAT-5394
2024-07-06unknown
xeno-RAT open-source remote access tool (RAT)
XenoRAT
2024-06-25Hunt.ioHunt.io
Good Game, Gone Bad: Xeno RAT Spread Via .gg Domains and GitHub
XenoRAT
2024-02-23Cyfirmacyfirma
Xeno RAT: A New Remote Access Trojan with Advance Capabilities
XenoRAT
Yara Rules
[TLP:WHITE] win_xenorat_w0 (20240730 | Detects win.xenorat.)
rule win_xenorat_w0 {

    meta:
        author = "jeFF0Falltrades"
        date = "2024-07-30"
        version = "1"
        description = "Detects win.xenorat."
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.xenorat"
        malpedia_rule_date = "20240730"
        malpedia_hash = ""
        malpedia_version = "20240730"
        malpedia_license = "CC BY-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    strings:
        $str_xeno_rat_1 = "xeno rat" wide ascii nocase
        $str_xeno_rat_2 = "xeno_rat" wide ascii nocase
        $str_xeno_update_mgr = "XenoUpdateManager" wide ascii
        $str_nothingset = "nothingset" wide ascii 
        $byte_enc_dec_pre = { 1f 10 8d [4] (0a | 0b) }
        $patt_config = { 72 [3] 70 80 [3] 04 }

    condition:
        4 of them and #patt_config >= 5
}
Download all Yara Rules