Total Pageviews

Friday 21 July 2017

XTunnel, X-Tunnel, XAPS






Aliases XTunnel, X-Tunnel, XAPS
Type Malware
Software: XTunnel, X-Tunnel, XAPS a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by APT28 during the compromise of the Democratic National Committee.123

Techniques Used

  • Credentials in Files - Software: XTunnel, X-Tunnel, XAPS is capable of accessing locally stored passwords on victims.2
  • Remote File Copy - Software: XTunnel, X-Tunnel, XAPS is capable of downloading additional files.2
  • Connection Proxy - Software: XTunnel, X-Tunnel, XAPS relays traffic between a C2 server and a victim.1
  • Fallback Channels - The C2 server used by Software: XTunnel, X-Tunnel, XAPS provides a port number to the victim to use as a fallback in case the connection closes on the currently used port.3
  • Binary Padding - A version of Software: XTunnel, X-Tunnel, XAPS introduced in July 2015 inserted junk code into the binary in a likely attempt to obfuscate it and bypass security products.3
  • Obfuscated Files or Information - A version of Software: XTunnel, X-Tunnel, XAPS introduced in July 2015 obfuscated the binary using opaque predicates and other techniques in a likely attempt to obfuscate it and bypass security products.3

Groups

The following groups use this software:

References

  1. a b c  Alperovitch, D.. (2016, June 15). Bears in the Midst: Intrusion into the Democratic National Committee. Retrieved August 3, 2016.
  2. a b c d e  Belcher, P.. (2016, July 28). Tunnel of Gov: DNC Hack and the Russian XTunnel. Retrieved August 3, 2016.
  1. a b c d e  ESET. (2016, October). En Route with Sednit - Part 2: Observing the Comings and Goings. Retrieved November 21, 2016.
  2.  
  3. from https://attack.mitre.org/wiki/Software/S0117
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)