X-Agent
Description
CHOPSTICK is a malware family of modular backdoors used by APT28. It has been used since at least 2012 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases. It has both Windows and Linux variants. It is tracked separately from the X-Agent for Android.
Names
| Name |
|---|
| X-Agent |
| Xagent |
| Popr-d30 |
| SPLM |
| CHOPSTICK |
| fysbis |
| Backdoor.SofacyX |
| webhp |
Category
Malware
Type
- Backdoor
- Keylogger
- Info stealer
- Tunneling
Information
- https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf
- http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-malware-poprd30-apk/
- http://blog.crysys.hu/2017/03/update-on-the-fancy-bear-android-malware-poprd30-apk/
- https://contagiodump.blogspot.de/2017/02/russian-apt-apt28-collection-of-samples.html
- https://download.bitdefender.com/resources/files/News/CaseStudies/study/143/Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web.pdf
- http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf
- https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/
- https://www.thecssc.com/wp-content/uploads/2018/10/4OctoberIOC-APT28-malware-advisory.pdf
- http://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf
- https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
- http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v6_1.pdf
MITRE ATT&CK
- https://attack.mitre.org/software/S0023/
- https://attack.mitre.org/software/S0410/
- https://attack.mitre.org/software/S0161/
- https://attack.mitre.org/software/S0314/
Malpedia
- https://malpedia.caad.fkie.fraunhofer.de/details/apk.popr-d30
- https://malpedia.caad.fkie.fraunhofer.de/details/elf.xagent
- https://malpedia.caad.fkie.fraunhofer.de/details/osx.xagent
- https://malpedia.caad.fkie.fraunhofer.de/details/win.xagent
AlienVault OTX
Other Information
Uuid
d4eb88ba-57f3-4528-bda2-5c05b113e924
Last Card Change
2022-12-30