MALICIOUS (1) campaign cataloged at 2024-11-24 (2).
- (1) The campaign has clearly malicious intent, like infostealers.
- (2) This is only the date the catalog entry was created. It may not reflect the date the campaign itself was created.
2024-11-cometlogger
Multi-purpose infostealer that grabs cookies, files, and information from crypto wallets, and injects code into the Discord application. This package is a builder for the actual malware.
Abuse categories
- clipboard_stealing: Campaign uses clipboard_stealing.
- exfiltration_browser_data: Campaign uses exfiltration_browser_data.
- exfiltration_crypto: Campaign uses exfiltration_crypto.
- exfiltration_generic: Campaign uses exfiltration_generic.
- files_exfiltration: Campaign uses files_exfiltration.
- infostealer: Campaign uses infostealer.
- peristence_autorun: Campaign uses peristence_autorun.
- sandbox-detection: The package contains code to detect if it is running in a sandbox environment.
IoCs & related URLs
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
- hxxps://raw.githubusercontent.com/Blank-c/Discord-Injection-BG/main/injection-obfuscated.js
- hxxps://raw.githubusercontent.com/justforExela/injection/main/injection.js
- hxxps://raw.githubusercontent.com/addi00000/empyrean-injection/main/obfuscated.js
- hxxps://t.me/Comet