XenoRAT (Malware Family)

XenoRAT

There is no description at this point.

References

2024-08-21 ⋅ Cisco Talos ⋅ Asheer Malhotra, Guilherme Venere, Vitor Ventura
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
MoonPeak XenoRAT UAT-5394

2024-07-06 ⋅ unknown
xeno-RAT open-source remote access tool (RAT)
XenoRAT

2024-06-25 ⋅ Hunt.io ⋅ Hunt.io
Good Game, Gone Bad: Xeno RAT Spread Via .gg Domains and GitHub
XenoRAT

Yara Rules

[TLP:WHITE] win_xenorat_w0 (20240730 | Detects win.xenorat.)

rule win_xenorat_w0 {

    meta:
        author = "jeFF0Falltrades"
        date = "2024-07-30"
        version = "1"
        description = "Detects win.xenorat."
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.xenorat"
        malpedia_rule_date = "20240730"
        malpedia_hash = ""
        malpedia_version = "20240730"
        malpedia_license = "CC BY-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    strings:
        $str_xeno_rat_1 = "xeno rat" wide ascii nocase
        $str_xeno_rat_2 = "xeno_rat" wide ascii nocase
        $str_xeno_update_mgr = "XenoUpdateManager" wide ascii
        $str_nothingset = "nothingset" wide ascii 
        $byte_enc_dec_pre = { 1f 10 8d [4] (0a | 0b) }
        $patt_config = { 72 [3] 70 80 [3] 04 }

    condition:
        4 of them and #patt_config >= 5
}

Download all Yara Rules

XenoRAT Propose Change

References

Yara Rules

XenoRAT