{
	"id": "1cf1554c-5e7a-4b3a-adc7-aa89b0fa53f0",
	"created_at": "2026-04-06T00:13:28.581155Z",
	"updated_at": "2026-04-10T13:13:01.933714Z",
	"deleted_at": null,
	"sha1_hash": "1ec215fb9d004929daa2bdbaa5f8daba3e8eef94",
	"title": "PsiX (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48161,
	"plain_text": "PsiX (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 22:23:48 UTC\r\nwin.psix (Back to overview)\r\nPsiX\r\naka: PsiXBot\r\nAccording to Matthew Mesa, this is a modular bot. The name stems from the string PsiXMainModule in binaries\r\nuntil mid of September 2018.\r\nIn binaries, apart from BotModule and MainModule, references to the following Modules have be observed:\r\nBrowserModule\r\nBTCModule\r\nComplexModule\r\nKeyLoggerModule\r\nOutlookModule\r\nProcessModule\r\nRansomwareModule\r\nSkypeModule\r\nReferences\r\n2022-08-08 ⋅ Medium CSIS Techblog ⋅ Benoît Ancel\r\nAn inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure\r\nRiltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB\r\nLoki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader\r\nSTOP TinyNuke Vidar Zloader\r\n2020-11-03 ⋅ Comodo ⋅ Comodo\r\nVersions of PsiXBot\r\nPsiX\r\n2019-09-06 ⋅ Proofpoint ⋅ Proofpoint Threat Insight Team\r\nPsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module\r\nPsiX\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.psix\r\nPage 1 of 2\n\n2019-09-05 ⋅ Twitter (@seckle_ch) ⋅ Daniel Stirnimann\r\nTweet on DoH\r\nPsiX\r\n2019-08-12 ⋅ Proofpoint ⋅ Proofpoint Threat Insight Team\r\nPsiXBot Continues to Evolve with Updated DNS Infrastructure\r\nPsiX\r\n2019-03-27 ⋅ Fox-IT ⋅ Antonio Parata, Stefano Antenucci\r\nPsiXBot: The Evolution Of A Modular .NET Bot\r\nPsiX\r\n2018-08-30 ⋅ Twitter (@mesa_matt) ⋅ Matthew Mesa\r\nTweet on PsiX\r\nPsiX\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.psix\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.psix\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.psix"
	],
	"report_names": [
		"win.psix"
	],
	"threat_actors": [
		{
			"id": "5a0483f5-09b3-4673-bb5a-56d41eaf91ed",
			"created_at": "2023-01-06T13:46:38.814104Z",
			"updated_at": "2026-04-10T02:00:03.110104Z",
			"deleted_at": null,
			"main_name": "MageCart",
			"aliases": [],
			"source_name": "MISPGALAXY:MageCart",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434408,
	"ts_updated_at": 1775826781,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1ec215fb9d004929daa2bdbaa5f8daba3e8eef94.pdf",
		"text": "https://archive.orkl.eu/1ec215fb9d004929daa2bdbaa5f8daba3e8eef94.txt",
		"img": "https://archive.orkl.eu/1ec215fb9d004929daa2bdbaa5f8daba3e8eef94.jpg"
	}
}