← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Supply Chain Compromise Campaign Targeting 3CXDesktopApp Customers
WHITE Tr1sa111 2023-04-05 Modified: 2023-04-05
277
IOCs
HIGH VOLUME
3CXDesktopAppSupply Chain Compromise
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (31 / 277 total)
All domain FileHash-SHA1 FileHash-MD5 FileHash-SHA256 URL email
TYPEINDICATORDESCRIPTIONCREATED
URL https://msedgepackageinfo.com/microsoft-edge 2023-04-05
URL https://officeaddons.com/technologies 2023-04-05
URL https://pbxphonenetwork.com/voip 2023-04-05
URL https://akamaitechcloudservices.com/v2/storage 2023-04-05
URL https://azuredeploystore.com/cloud/services 2023-04-05
URL https://azureonlinestorage.com/azure/storage 2023-04-05
URL https://glcloudservice.com/v1/console 2023-04-05
URL https://msedgeupdate.net/Windows 2023-04-05
URL https://msstorageazure.com/window 2023-04-05
URL https://msstorageboxes.com/office 2023-04-05
URL https://officestoragebox.com/api/session 2023-04-05
URL https://pbxcloudeservices.com/phonesystem 2023-04-05
URL https://pbxsources.com/exchange 2023-04-05
URL https://sourceslabs.com/downloads 2023-04-05
URL https://visualstudiofactory.com/workload 2023-04-05
URL https://zacharryblogs.com/feed 2023-04-05
URL http://acharryblogs.com/xmlquery 2023-04-05
URL http://akamaitechcloudservices.com/v2/fileapi 2023-04-05
URL http://azuredeploystore.com/cloud/images 2023-04-05
URL http://azureonlinestorage.com/google/storage 2023-04-05
URL http://glcloudservice.com/v1/status 2023-04-05
URL http://msedgepackageinfo.com/ms-webview 2023-04-05
URL http://msstorageboxes.com/xbox 2023-04-05
URL http://officeaddons.com/quality 2023-04-05
URL http://officestoragebox.com/api/biosync 2023-04-05
URL http://pbxcloudeservices.com/network 2023-04-05
URL http://pbxphonenetwork.com/phone 2023-04-05
URL http://pbxsources.com/queue 2023-04-05
URL http://sourceslabs.com/status 2023-04-05
URL http://visualstudiofactory.com/groupcore 2023-04-05
URL http://github.com/IconStorages/images 2023-04-05
References (7)
↗ https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ ↗ https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/ ↗ https://objective-see.org/blog/blog_0x73.html ↗ https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ ↗ https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats ↗ https://www.3cx.com/blog/news/desktopapp-security-alert/ ↗ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-action-response-supply-chain-attack-using-3cx-pbax-software/