Cxclnt

Malware updated a month ago (2024-10-17T13:04:09.961Z)
CXCLNT is a backdoor attributed to the Tidrone threat actors. Once running it can upload and download files, clear traces of its activity from the host, and collect victim data such as file listings and system information. It is typically deployed alongside a second payload, the CLNTEND remote access tool (RAT).

Tidrone has been observed using remote desktop tools, including the open-source remote administration utility UltraVNC, to deliver its custom payloads, and the underlying report concludes that CXCLNT and CLNTEND are distributed through ERP software or remote desktop access. Comparing earlier and more recent intrusions shows how the toolset and the group's tactics, techniques and procedures (TTPs) have evolved. Both backdoors are launched by DLL sideloading: a malicious DLL is loaded by the legitimate Microsoft Word executable, so the payload executes inside a trusted, signed process rather than as a standalone binary.

For command and control (C&C), the actors favour lookalike domains that imitate security vendors and Microsoft services, such as symantecsecuritycloud[.]com, microsoftsvc[.]com and windowswns[.]com, and they use this pattern for both CLNTEND and CXCLNT. Such names blend in with legitimate traffic and complicate identification and blocking of the infrastructure.
Description last updated: 2024-10-17T12:16:22.980Z
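The two TTPs the description singles out, lookalike C&C domains and a DLL sideloaded by Microsoft Word, are both cheap to hunt for in DNS and image-load telemetry. The script below is an added example written for this page, not code from the report or from any of the listed sources. The log line format, the brand allowlist, the DLL name and the file paths are constructed assumptions, and the registrable-domain logic is deliberately naive (a production tool would use the Public Suffix List); the three defanged domains are the ones named in the description.

```python
import re

# Brand tokens the reported C2 domains imitate, mapped to registrable domains those
# brands legitimately use. Illustrative assumption, not an authoritative allowlist.
BRAND_ALLOWLIST = {
    "microsoft": {"microsoft.com", "microsoftonline.com", "live.com",
                  "windows.com", "windows.net", "office.com"},
    "symantec": {"symantec.com", "broadcom.com"},
    "windows": {"windows.com", "windows.net", "microsoft.com"},
}

# Directories from which Word is expected to load DLLs (assumption; tune per estate).
TRUSTED_DLL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample telemetry: DNS lookups and Sysmon-style image-load events.
SAMPLE_LOGS = [
    "dns host=login.microsoftonline.com",
    "dns host=update.microsoftsvc[.]com",
    "dns host=symantecsecuritycloud[.]com",
    "dns host=api.windowswns[.]com",
    "dns host=liveupdate.symantec.com",
    "imageload image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE "
    "loaded=C:\\Program Files\\Microsoft Office\\root\\Office16\\helper.dll",
    "imageload image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE "
    "loaded=C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
    "imageload image=C:\\Windows\\explorer.exe loaded=C:\\Users\\user\\AppData\\Local\\Temp\\x.dll",
]


def registrable_domain(host):
    """Naive eTLD+1: the last two labels. Sufficient for the .com cases here only."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_lookalike(host):
    """Return the imitated brand when the registrable domain contains a brand token
    but is not one of the domains that brand actually owns; otherwise None."""
    rd = registrable_domain(host)
    for brand, legit in BRAND_ALLOWLIST.items():
        if brand in rd and rd not in legit:
            return brand
    return None


def is_suspicious_word_load(image, loaded):
    """True when winword.exe loads a DLL from outside the trusted roots,
    the shape of the Word DLL-sideloading technique described above."""
    exe = image.lower().rsplit("\\", 1)[-1]
    return exe == "winword.exe" and not loaded.lower().startswith(TRUSTED_DLL_ROOTS)


def hunt(lines):
    """Return (rule, evidence) findings for the supplied log lines."""
    findings = []
    for line in lines:
        m = re.match(r"^dns host=(\S+)$", line)
        if m:
            host = m.group(1).replace("[.]", ".")  # refang defanged indicators
            brand = is_lookalike(host)
            if brand:
                findings.append(("lookalike_c2_domain", f"{host} imitates {brand}"))
            continue
        m = re.match(r"^imageload image=(.+?) loaded=(.+)$", line)
        if m and is_suspicious_word_load(m.group(1), m.group(2)):
            findings.append(("word_dll_sideload", m.group(2)))
    return findings


if __name__ == "__main__":
    for rule, evidence in hunt(SAMPLE_LOGS):
        print(f"{rule}: {evidence}")
```

Against the constructed sample, the script flags the three lookalike domains and the single Word image load from a user-writable Temp directory, while leaving the genuine Microsoft and Symantec lookups and the in-place Office DLL alone. The brand-token check is intentionally broad; in practice you would feed it your own allowlist and review hits rather than block on them automatically.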
Possible Aliases / Cluster overlaps
Naming conventions and cluster boundaries differ between vendors; the following profile may overlap with Cxclnt.

Clntend (4 votes): possible alias for Cxclnt. CLNTEND is a sophisticated Remote Access Tool (RAT) malware first discovered in April, employed by Tidrone attackers. It supports multiple network protocols for covert communication with its command-and-control servers, making it a potent tool in the hands of cybercriminals. This malware, along with
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the Cxclnt malware was read from the following documents:

InfoSecurity-magazine (2 months ago)
BankInfoSecurity (2 months ago)
Securityaffairs (2 months ago)
Trend Micro (2 months ago)