TI Alert - XcLoader & Xctdoor - Malware - 2024-7-1 - 69354


XcLoader & Xctdoor: Malware

The Threat Actor Campaign Targeted Korean Defense & Manufacturing Companies

Threat Intelligence Alert

The XcLoader and Xctdoor malware families are distributed through a Korean ERP solution. The attacks targeted Korean defense and manufacturing companies. The ERP update servers were compromised and backdoored, which allowed the malware to spread. Xctdoor collects system information and executes commands issued by the threat actor.

Capabilities :

Privilege Escalation
Remote Code Execution
Information Theft
Data Encryption
Data Exfiltration
Process Injection

Platform :

Microsoft Windows

SHA256 :

3d4b90f520ed82ef886f0a38e1a621ead2d42fa3ef91a6083a484f3e361028e2
3e7715ac57003f8a80119ab348a7a7b260afde749cad3c56bd2d9ab931288f92
934622b6a764a3b4f2a0049c62e66b9ad65a7987c83c37879c6772a61760707e
9974b4befa2906a6925e786c47651319ed70e3b9fe1f76e25ae0ef81f6555996
1417416ba94d9a0f3c34be4c529c2447de8db8785c6835851689f66e5b6c951d
c61eca8cf14ce18a54616c3bbe17973a0c1ccca45bb1a2c4c13aa0c4c4996a7a

SHA1 :

3351a8e25e471e4704628e990525ceed1d79791b
4787366989231b23beaa6db3147929190aa0c896
73b3a3fa14b32dff0109cf1c05cdd9076aad1264
afbd35ec6e045313a428c9ed125ce0ba6673cbe5
16e0cc0f61c80e3d9d1eb4708c153b6b611e81af
c7c8a0e82718712b1ccaeb5ed9cd28b3f6301292

MD5 :

09a5069c9cc87af39bbb6356af2c1a36
11465d02b0d7231730f3c4202b0400b8
235e02eba12286e74e886b6c99e46fb7
2e325935b2d1d0a82e63ff2876482956
375f1cc32b6493662a78720c7d905bc3
396bee51c7485c3a0d3b044a9ceb6487
41d5d25de0ca0fdc54c24c484f9f8f55
4f5e5a392b8a3e0cb32320ed1e8d0604
54d5be3a4eb0e31c0ba7cb88f0a8e720
6928fab25ac1255fbd8d6c1046653919
9a580aaaa3e79b6f19a2c70e89b016e3
9bbde4484821335d98b41b44f93276e8
a42ae44761ce3294ce0775fe384d97b6
ab8675b4943bc25a51da66565cfc8ac8
ad96a8f22faab8b9c361cfccc381cd28
b43a7dcfe53a981831ae763a9a5450fd
b96b98dede8a64373b539f94042bdb41
d787a33d76552019becfef0a4af78a11
d852c3d06ef63ea6c6a21b0d1cdf14d4
d938201644aac3421df7a3128aa88a53
e554b1be8bab11e979c75e2c2453bc6a
f24627f46ec64cae7a6fa9ee312c43d7

Domains :

beebeep[.]info
www[.]jikji[.]pe[.]kr

URLs :

hxxp://beebeep[.]info/index[.]php
hxxp://www[.]jikji[.]pe[.]kr/xe/files/attach/binaries/102/663/image[.]gif

IPV4 :

195[.]50[.]242[.]110

Block all threat indicators at your respective control.


Search for IOCs in your environment.
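One way to carry out that search, as an added example that is not part of the alert: the script below takes the SHA256, SHA1 and network indicators published above (refanging the `[.]` and `hxxp` forms so they match what real telemetry contains) and sweeps them over a handful of constructed EDR, proxy, DNS and firewall log lines. The log lines, hostnames and field names are invented for the example; the MD5 list from the alert can be added to the same lookup in exactly the same way.

```python
"""Sweep sample telemetry for the XcLoader / Xctdoor indicators listed in the alert."""
import re
from typing import Dict, List, Tuple

# --- Indicators copied from the alert above (published in defanged form) ---
IOC_SHA256 = {
    "3d4b90f520ed82ef886f0a38e1a621ead2d42fa3ef91a6083a484f3e361028e2",
    "3e7715ac57003f8a80119ab348a7a7b260afde749cad3c56bd2d9ab931288f92",
    "934622b6a764a3b4f2a0049c62e66b9ad65a7987c83c37879c6772a61760707e",
    "9974b4befa2906a6925e786c47651319ed70e3b9fe1f76e25ae0ef81f6555996",
    "1417416ba94d9a0f3c34be4c529c2447de8db8785c6835851689f66e5b6c951d",
    "c61eca8cf14ce18a54616c3bbe17973a0c1ccca45bb1a2c4c13aa0c4c4996a7a",
}
IOC_SHA1 = {
    "3351a8e25e471e4704628e990525ceed1d79791b",
    "4787366989231b23beaa6db3147929190aa0c896",
    "73b3a3fa14b32dff0109cf1c05cdd9076aad1264",
    "afbd35ec6e045313a428c9ed125ce0ba6673cbe5",
    "16e0cc0f61c80e3d9d1eb4708c153b6b611e81af",
    "c7c8a0e82718712b1ccaeb5ed9cd28b3f6301292",
}
IOC_NETWORK_DEFANGED = {
    "domain": ["beebeep[.]info", "www[.]jikji[.]pe[.]kr"],
    "url": [
        "hxxp://beebeep[.]info/index[.]php",
        "hxxp://www[.]jikji[.]pe[.]kr/xe/files/attach/binaries/102/663/image[.]gif",
    ],
    "ipv4": ["195[.]50[.]242[.]110"],
}


def refang(indicator: str) -> str:
    """Convert the defanged published form into the form real logs contain."""
    return indicator.replace("[.]", ".").replace("hxxp://", "http://")


# Pre-compile one bounded, case-insensitive pattern per network indicator so
# that e.g. the IP does not match inside a longer address.
NETWORK_PATTERNS = [
    (kind, refang(v), re.compile(r"(?<![\w.])" + re.escape(refang(v)) + r"(?![\w.])", re.I))
    for kind, values in IOC_NETWORK_DEFANGED.items()
    for v in values
]
# Hex tokens of SHA1 (40) or SHA256 (64) length; lookup is done lower-cased.
HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")


def scan_line(line: str) -> List[Tuple[str, str]]:
    """Return every (indicator_type, indicator) found in one log line."""
    hits: List[Tuple[str, str]] = []
    for token in HEX_TOKEN.findall(line):
        t = token.lower()
        if t in IOC_SHA256:
            hits.append(("sha256", t))
        elif t in IOC_SHA1:
            hits.append(("sha1", t))
    for kind, value, pattern in NETWORK_PATTERNS:
        if pattern.search(line):
            hits.append((kind, value))
    return hits


def scan_logs(lines: List[str]) -> Dict[int, List[Tuple[str, str]]]:
    """Map line index -> matches, keeping only lines that hit an indicator."""
    results: Dict[int, List[Tuple[str, str]]] = {}
    for i, line in enumerate(lines):
        hits = scan_line(line)
        if hits:
            results[i] = hits
    return results


# Constructed sample telemetry (hostnames, paths and timestamps are invented).
SAMPLE_LOGS = [
    "2024-07-01T09:12:03Z edr host=WS-014 event=file_write "
    "sha256=3D4B90F520ED82EF886F0A38E1A621EAD2D42FA3EF91A6083A484F3E361028E2 path=C:\\erp\\update\\upd.dll",
    "2024-07-01T09:12:10Z proxy host=WS-014 method=GET url=http://beebeep.info/index.php status=200",
    "2024-07-01T09:13:42Z dns host=WS-022 query=www.jikji.pe.kr type=A",
    "2024-07-01T09:14:05Z fw action=allow src=10.20.30.44 dst=195.50.242.110 dport=80",
    "2024-07-01T09:15:00Z proxy host=WS-030 method=GET url=https://example.com/ status=200",
    "2024-07-01T09:16:00Z edr host=WS-030 event=file_write sha1=" + "a" * 40 + " path=C:\\temp\\notes.txt",
]

if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOGS).items():
        print(f"line {idx}: {hits}")
```

The hash lookup is exact and case-insensitive, while the network match is anchored on both sides so a published IP or domain is not reported when it is merely a substring of a longer one; the same `scan_logs` function can be pointed at a real export by reading lines from a file instead of `SAMPLE_LOGS`.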
