XCSSET Update: Abuse of Browser Debug Modes, Findings from the C2 Server, and an Inactive Ransomware Module
Common Information
| Type | Value |
|---|---|
| UUID | 9d0ae8a7-e5f9-43ae-8f28-2ebf9f6591a1 |
| Fingerprint | 572460813332b26246ecb090b54cd46fa8b488acb2f9b53fe67ac1e38ea681ba |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 2, 2020, 10:08 a.m. |
| Added to db | April 14, 2024, 10:16 a.m. |
| Last updated | Aug. 30, 2024, 10:42 p.m. |
| Headline | XCSSET Update: Abuse of Browser Debug Modes, Findings from the C2 Server, and an Inactive Ransomware Module |
| Title | XCSSET Update: Abuse of Browser Debug Modes, Findings from the C2 Server, and an Inactive Ransomware Module |
| Detected Hints/Tags/Attributes | 70/3/17 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 9 | notes.app |
|
| Details | Domain | 359 | com.apple |
|
| Details | Domain | 10 | appleid.apple.com |
|
| Details | Domain | 21 | xcode.app |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | File | 32 | prefs.js |
|
| Details | File | 2 | agentd.php |
|
| Details | File | 97 | upload.php |
|
| Details | File | 1 | translate.php |
|
| Details | File | 1 | googletranslateforfree.php |
|
| Details | File | 1 | cron_comeback.php |
|
| Details | File | 11 | common.php |
|
| Details | File | 1 | targets.php |
|
| Details | File | 1 | sessions.sql |
|
| Details | File | 4 | com.php |
|
| Details | sha256 | 3 | a238ed8a801e48300169afae7d27b5e49a946661ed91fab4f792e99243fbc28d |
|
| Details | sha256 | 3 | d11a549e6bc913c78673f4e142e577f372311404766be8a3153792de9f00f6c1 |