Crosswalk

Threat Actor Profile Updated 24 days ago
Download STIX
Preview STIX
Crosswalk, a threat actor in the cybersecurity industry, has been identified as utilizing FakeTLS in its traffic, presenting significant security concerns. This modular backdoor is implemented in shellcode, with the main payload being the Crosswalk backdoor itself. The malicious files associated with this threat are self-contained PL shellcode loaders, but the payload is specifically Crosswalk version 2.0. An investigation into network infrastructure and monitoring of new Crosswalk samples led to the discovery of other malicious objects containing Crosswalk shellcode as their payload. AI has facilitated crosswalk analysis between different cybersecurity frameworks from two different countries in mere minutes, demonstrating its potential to significantly enhance work efficiency. This was done through the HIPAA/NIST CSF Crosswalk Guide and the AI RMF Crosswalk. During the investigation, two Crosswalk C2 servers were found, 103.248.21[.]134 and 103.248.21[.]179, which contained an SSL certificate with SHA-1 value of b1d749a8883ac9860c45986e2ffe370feb3d9ab6. There is evidence to suggest a connection between the Crosswalk and ShadowPad network infrastructures. Other tools discovered during the investigation include Crosswalk and Metasploit injectors, the juicy-potato utility, and samples of FunnySwitch and ShadowPad. Notably, Crosswalk and FunnySwitch shellcode are located "as-is" in the data sections, while the samples with Metasploit show additional XOR encryption with the key "jj1". This highlights the complexity and sophistication of the Crosswalk threat actor's methods.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Crosswalk Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Higaisa or Winnti? APT41 backdoors, old and new
CERT-EU
9 months ago
Back to School Safety from the Dover Police Department – City of Dover Police Department | #schoolsaftey | National Cyber Security Consulting
CERT-EU
a year ago
Artificial Intelligence Has a NIST Framework for Cybersecurity Risk
Trend Micro
3 months ago
Global Security Trends: AI, Politics & Zero Trust
BankInfoSecurity
3 months ago
New Guides Aim to Help Health Sector Beef Up Cyber, Privacy
Recorded Future
a year ago
2022 Adversary Infrastructure Report
CERT-EU
a year ago
Artificial Intelligence Has a NIST Framework for Cybersecurity Risk | Polsinelli | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting