Malware Used in Attacks Against Korean Companies

July 1, 2024, 10:46 a.m.

Description

A recent analysis by ASEC identified attacks that abuse a Korean ERP solution to distribute malware, including the XcLoader loader and the Xctdoor backdoor. The attacks targeted Korean defense and manufacturing companies. The malware was delivered by compromising the ERP update servers, so that the software's own update channel installed the backdoors on client systems. Xctdoor collects system information and executes commands received from the threat actor.

Date

Published: July 1, 2024, 10:23 a.m.
Created: July 1, 2024, 10:23 a.m.
Modified: July 1, 2024, 10:46 a.m.

Indicators

9974b4befa2906a6925e786c47651319ed70e3b9fe1f76e25ae0ef81f6555996

934622b6a764a3b4f2a0049c62e66b9ad65a7987c83c37879c6772a61760707e

3e7715ac57003f8a80119ab348a7a7b260afde749cad3c56bd2d9ab931288f92

3d4b90f520ed82ef886f0a38e1a621ead2d42fa3ef91a6083a484f3e361028e2

195.50.242.110

http://beebeep.info/index.php

http://www.jikji.pe.kr/xe/files/attach/binaries/102/663/image.gif

www.jikji.pe.kr
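The indicators above are a mix of SHA-256 hashes, an IPv4 address, URLs and a domain. The following script is an added example (not part of the original page or of ASEC's analysis) showing how a practitioner would turn that list into typed indicators and sweep them against proxy/firewall log lines and against the hash of downloaded update packages. The log lines are constructed for illustration and are not real telemetry; the ERP update server name in them is hypothetical.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the page's "Indicators" section.
INDICATORS = [
    "9974b4befa2906a6925e786c47651319ed70e3b9fe1f76e25ae0ef81f6555996",
    "934622b6a764a3b4f2a0049c62e66b9ad65a7987c83c37879c6772a61760707e",
    "3e7715ac57003f8a80119ab348a7a7b260afde749cad3c56bd2d9ab931288f92",
    "3d4b90f520ed82ef886f0a38e1a621ead2d42fa3ef91a6083a484f3e361028e2",
    "195.50.242.110",
    "http://beebeep.info/index.php",
    "http://www.jikji.pe.kr/xe/files/attach/binaries/102/663/image.gif",
    "www.jikji.pe.kr",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def classify(ioc):
    """Return (type, normalised value) for one indicator string."""
    v = ioc.strip().lower()
    if SHA256_RE.match(v):
        return "sha256", v
    if IPV4_RE.match(v):
        return "ipv4", v
    if v.startswith(("http://", "https://")):
        return "url", v
    return "domain", v


def build_index(indicators):
    """Group indicators by type; URL hosts are also indexed as domains so a
    proxy log that records only the destination host still matches."""
    idx = {"sha256": set(), "ipv4": set(), "url": set(), "domain": set()}
    for ioc in indicators:
        kind, val = classify(ioc)
        idx[kind].add(val)
        if kind == "url":
            host = urlparse(val).hostname
            if host:
                idx["domain"].add(host)
    return idx


def match_log_line(line, idx):
    """Return a sorted list of (type, value) hits for one log line.
    Domains and IPs are matched on token boundaries so that, e.g., a
    longer address containing the IOC as a substring is not reported."""
    hits = set()
    low = line.lower()
    for url in idx["url"]:
        if url in low:
            hits.add(("url", url))
    for host in idx["domain"]:
        if re.search(r"(?<![\w.-])" + re.escape(host) + r"(?![\w-])", low):
            hits.add(("domain", host))
    for ip in idx["ipv4"]:
        if re.search(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])", low):
            hits.add(("ipv4", ip))
    return sorted(hits)


def scan_log(lines, idx):
    """Return [(line_number, hits)] for every line with at least one hit."""
    results = []
    for i, line in enumerate(lines):
        hits = match_log_line(line, idx)
        if hits:
            results.append((i, hits))
    return results


def match_hash(hexdigest, idx):
    """True if a (case-insensitive) SHA-256 hex digest is a listed IOC."""
    return hexdigest.strip().lower() in idx["sha256"]


def match_file_bytes(data, idx):
    """Hash a downloaded update package; return its digest if listed, else None.
    Useful for checking files fetched from the ERP update channel."""
    h = hashlib.sha256(data).hexdigest()
    return h if match_hash(h, idx) else None


# Constructed sample log lines (not real telemetry); the internal update
# host "update.erp.example.internal" is hypothetical.
SAMPLE_LOG = [
    "2024-06-28T09:12:03Z src=10.20.1.17 dst=195.50.242.110:443 action=allow",
    "2024-06-28T09:12:05Z src=10.20.1.17 GET http://www.jikji.pe.kr/xe/files/attach/binaries/102/663/image.gif 200",
    "2024-06-28T09:13:40Z src=10.20.1.42 GET http://update.erp.example.internal/patch/erp_update.exe 200",
    "2024-06-28T09:14:01Z src=10.20.1.17 GET http://beebeep.info/index.php 200",
]

if __name__ == "__main__":
    index = build_index(INDICATORS)
    for lineno, hits in scan_log(SAMPLE_LOG, index):
        print(f"line {lineno}: {hits}")
```

Line 2 in the sample, the download from the (hypothetical) internal update server, produces no network hit; that is exactly the case where only the hash check on the fetched package can catch a trojanised update, which is why the network indicators and the file hashes should be swept together.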

Attack Patterns

HotCroissant - S0431

Xctdoor

XcLoader

Andariel

T1064

T1189

T1113

T1005

T1573

T1082

T1105

T1083

T1071

T1055

T1036

T1027

T1112

T1056

T1041

T1133

T1003

Additional Information

Defense

Manufacturing

Korea, Democratic People's Republic of