Aliases: XTunnel, X-Tunnel, XAPS
Type: Malware
XTunnel (also known as X-Tunnel and XAPS) is a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and was reportedly used by APT28 during the compromise of the Democratic National Committee. [1][2][3]
Techniques Used
- Credentials in Files - XTunnel is capable of accessing locally stored passwords on victims. [2]
- Remote File Copy - XTunnel is capable of downloading additional files. [2]
- Connection Proxy - XTunnel relays traffic between a C2 server and a victim. [1]
- Fallback Channels - The C2 server used by XTunnel provides a port number to the victim to use as a fallback in case the connection closes on the currently used port. [3]
- Binary Padding - A version of XTunnel introduced in July 2015 inserted junk code into the binary in a likely attempt to obfuscate it and bypass security products. [3]
- Obfuscated Files or Information - A version of XTunnel introduced in July 2015 obfuscated the binary using opaque predicates and other techniques in a likely attempt to obfuscate it and bypass security products. [3]
Groups
The following groups use this software:
References