IXESHE malware

GPTKB entity

Statements (39)
Predicate                      Object
gptkbp:instanceOf              malware
gptkbp:abilities               data exfiltration
                               screenshot capture
                               remote command execution
                               keylogging
                               file upload and download
gptkbp:alsoKnownAs             gptkb:IXESHE
                               AIXESHE
                               IXESHE.A
                               LURID
gptkbp:analyzes                gptkb:Kaspersky_Lab
                               gptkb:Symantec
                               gptkb:Trend_Micro
gptkbp:commanded               dynamic DNS
                               hardcoded IP addresses
gptkbp:discoveredBy            2009
gptkbp:exfiltrationMethod      gptkb:HTTP
                               custom TCP protocol
https://www.w3.org/2000/01/rdf-schema#label
                               IXESHE malware
gptkbp:notable_campaign        2012 East Asia cyber espionage campaign
gptkbp:notableFeature          multi-language support
                               modular architecture
gptkbp:origin                  China (suspected)
gptkbp:persistenceMechanism    scheduled tasks
                               Windows registry modification
gptkbp:platform                gptkb:Microsoft_Windows
gptkbp:signatureFamily         LURID family
gptkbp:target                  gptkb:diplomat
                               defense contractors
                               East Asian governments
gptkbp:usedFor                 cybercrime
gptkbp:usesMalware             gptkb:PlugX
                               gptkb:Poison_Ivy
                               Trojan
gptkbp:vectorFor               malicious email attachments
                               spear phishing
gptkbp:writtenBy               gptkb:C++
gptkbp:bfsParent               gptkb:APT12
gptkbp:bfsLayer                8