xPack

Description

(Symantec) The backdoor allowed the attackers to run WMI commands remotely, while there is also evidence that they leveraged EternalBlue exploits in the backdoor. The attackers appeared to have the ability to interact with SMB shares, and it’s possible that they used mounted shares over SMB to transfer files from attacker-controlled infrastructure. There is also evidence that the attackers were able to browse the web through the backdoor, likely using it as a proxy to mask their IP address.

Names

Name
xPack
NERAPACK

Type

Backdoor
Remote command
Exfiltration

Information

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.xpack

Other Information

Uuid

499c6ccf-8841-4343-92fe-fa4b37a6fc49

Last Card Change

2022-12-28

Threat Intelligence Garden

Explorer

xPack

xPack

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks