- May 4, 2019
- 801
ThreatLabz recently discovered a sample of the multi-function malware LilithBot in our database. Further research revealed that this was associated with the Eternity group (a.k.a. EternityTeam; Eternity Project), a threat group linked to the Russian “Jester Group,” that has been active since at least January 2022. Eternity uses an as-a-service subscription model to distribute different Eternity-branded malware modules in underground forums, including a stealer, miner, botnet, ransomware, worm+dropper, and DDoS bot.
The LilithBot we discovered was being distributed through a dedicated Telegram group and a Tor link that provided one-stop-shopping for these various payloads. In addition to its primary botnet functionality, it also had built-in stealer, clipper, and miner capabilities. In this blog, we’ll provide a deep analysis of the LilithBot campaign, including a look at several variants.
Analysis of LilithBot Malware and Eternity Threat Group | Zscaler
ThreatLabz analysis of LilithBot, a multifunction malware sold as-a-service by the Eternity threat group.
www.zscaler.com