PULSE NAME
xHunt Campaign: Newly Discovered Backdoors Using C2
WHITE xHunt AlienVault 2020-11-09 Modified: 2020-12-09
11 IOCs, MEDIUM VOLUME
Palo Alto Networks has discovered a new set of backdoors used in the xHunt campaign, which has targeted Microsoft Exchange servers in Kuwait and other countries. The backdoors are designed to gain access to compromised servers.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Snugy, TriFive, xHunt
Indicators of Compromise (8 / 11 total)