
Friday, 21 July 2017

XTunnel, X-Tunnel, XAPS






Aliases: XTunnel, X-Tunnel, XAPS
Type: Malware

XTunnel (also known as X-Tunnel and XAPS) is a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and was reportedly used by APT28 during the compromise of the Democratic National Committee.[1][2][3]

Techniques Used

  • Credentials in Files - XTunnel is capable of accessing locally stored passwords on victims.[2]
  • Remote File Copy - XTunnel is capable of downloading additional files.[2]
  • Connection Proxy - XTunnel relays traffic between a C2 server and a victim.[1]
  • Fallback Channels - The C2 server used by XTunnel provides a port number to the victim to use as a fallback in case the connection closes on the currently used port.[3]
  • Binary Padding - A version of XTunnel introduced in July 2015 inserted junk code into the binary in a likely attempt to obfuscate it and bypass security products.[3]
  • Obfuscated Files or Information - A version of XTunnel introduced in July 2015 obfuscated the binary using opaque predicates and other techniques in a likely attempt to bypass security products.[3]

Groups

The following groups use this software:

References
