{
  "name": "Malware Used in Attacks Against Korean Companies",
  "slug": "malware-used-in-attacks-against-korean-companies",
  "description": "A recent analysis by ASEC discovered attacks exploiting a Korean ERP solution to distribute malware like XcLoader and Xctdoor. The attacks targeted Korean defense and manufacturing companies. The malware was propagated by compromising ERP update servers to install backdoors. Xctdoor captures system information and executes commands from threat actors.",
  "published": "2024-07-01T08:23:10+00:00",
  "created_at": "2024-07-01T08:23:10+00:00",
  "modified_at": "2024-07-01T08:46:01+00:00",
  "created_at_opencti": "2024-07-01T08:23:10+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-01",
    "andariel",
    "hotcroissant",
    "korea",
    "lazarus",
    "xcloader",
    "xctdoor"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "195.50.242.110"
      },
      {
        "id": "",
        "name": "http://beebeep.info/index.php"
      },
      {
        "id": "",
        "name": "http://www.jikji.pe.kr/xe/files/attach/binaries/102/663/image.gif"
      },
      {
        "id": "",
        "name": "www.jikji.pe.kr"
      },
      {
        "id": "",
        "name": "beebeep.info"
      },
      {
        "id": "",
        "name": "9974b4befa2906a6925e786c47651319ed70e3b9fe1f76e25ae0ef81f6555996"
      },
      {
        "id": "",
        "name": "934622b6a764a3b4f2a0049c62e66b9ad65a7987c83c37879c6772a61760707e"
      },
      {
        "id": "",
        "name": "3e7715ac57003f8a80119ab348a7a7b260afde749cad3c56bd2d9ab931288f92"
      },
      {
        "id": "",
        "name": "3d4b90f520ed82ef886f0a38e1a621ead2d42fa3ef91a6083a484f3e361028e2"
      }
    ],
    "malware": [
      {
        "id": "6cc237ba-9918-4bd2-b343-d399915dd154",
        "name": "HotCroissant - S0431",
        "slug": "hotcroissant-s0431"
      },
      {
        "id": "eaa3b718-29af-40a7-8bac-15f9058ab2a4",
        "name": "Xctdoor",
        "slug": "xctdoor"
      },
      {
        "id": "legacy:malware:a5cc9a7ee5388cff",
        "name": "XcLoader",
        "slug": "xcloader"
      }
    ],
    "intrusion_sets": [
      {
        "id": "64af6ec8-9002-49ef-bc67-356f287748c3",
        "name": "Andariel",
        "slug": "andariel"
      }
    ],
    "attack_patterns": [
      {
        "id": "4d36ebe8-4925-419a-bdd5-73f6427a975d",
        "name": "T1064"
      },
      {
        "id": "fe6f2946-a01e-460c-9636-8c48b45dd0e6",
        "name": "T1189"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74",
        "name": "T1005"
      },
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      },
      {
        "id": "0b2b1ecd-d52e-492a-af08-050954bc03e5",
        "name": "T1056"
      },
      {
        "id": "fa3b8b48-d97c-4242-83a6-07d435a5a79e",
        "name": "T1041"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "74d6e294-54d1-4a21-9dfc-df5870f8ec8e",
        "name": "T1003"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Korea, Democratic People's Republic of"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "Manufacturing"
      }
    ]
  },
  "external_refs": [
    "https://asec.ahnlab.com/en/67558/",
    "https://otx.alienvault.com/pulse/6682838e9e0ffcf9b69b15bf"
  ]
}