MALICIOUS (1) campaign cataloged at 2024-11-24(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2024-11-cometlogger¶
Multi-purpose infostealer, including grabbing cookies, files, information from cryptowallets; injecting code into discord application. This package is a builder for the actual malware
Abuse categories¶
clipboard_stealing
Campaign uses clipboard_stealing.
exfiltration_browser_data
Campaign uses exfiltration_browser_data.
exfiltration_crypto
The package attempts to steal sensitive cryptocurrency-related data, like wallet keys.
exfiltration_generic
Campaign uses exfiltration_generic.
files_exfiltration
Campaign uses files_exfiltration.
infostealer
Activity is typical for information stealers, i.e. by exfiltrate various sensitive data from the victim's environment.
peristence_autorun
Campaign uses peristence_autorun.
sandbox-detection
The package contains code to detect if it is running in a sandbox environment.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
-
hxxps://raw.githubusercontent.com/Blank-c/Discord-Injection-BG/main/injection-obfuscated.js -
hxxps://raw.githubusercontent.com/justforExela/injection/main/injection.js -
hxxps://raw.githubusercontent.com/addi00000/empyrean-injection/main/obfuscated.js -
hxxps://t.me/Comet