Malware Used in Attacks Against Korean Companies
July 1, 2024, 10:46 a.m.
Description
A recent analysis by ASEC discovered attacks exploiting a Korean ERP solution to distribute malware like XcLoader and Xctdoor. The attacks targeted Korean defense and manufacturing companies. The malware was propagated by compromising ERP update servers to install backdoors. Xctdoor captures system information and executes commands from threat actors.
Date
Published: July 1, 2024, 10:23 a.m.
Created: July 1, 2024, 10:23 a.m.
Modified: July 1, 2024, 10:46 a.m.
Indicators
Attack Patterns
HotCroissant - S0431
Xctdoor
XcLoader
Andariel
T1064
T1189
T1113
T1005
T1573
T1082
T1105
T1083
T1071
T1055
T1036
T1027
T1112
T1056
T1041
T1133
T1003
Additional Information
Defense
Manufacturing
Korea, Democratic People's Republic of