CrowdStrike Prevents 3CXDesktopApp Intrusion Campaign
CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers
March 29, 2023 | CrowdStrike Research & Threat Intel
Note: Content from this post first appeared in r/CrowdStrike
We will continue to update on this dynamic situation as more details become available. CrowdStrike’s Intelligence team is in contact with 3CX.
On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp, a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity.
The CrowdStrike Falcon® platform has behavioral preventions and atomic indicator detections targeting the abuse of 3CXDesktopApp. In addition, CrowdStrike® Falcon OverWatch™ helps customers stay vigilant against hands-on-keyboard activity.
CrowdStrike customers can log into the customer support portal and follow the latest updates in Trending Threats & Vulnerabilities: Intrusion Campaign Targeting 3CX Customers
The 3CXDesktopApp is available for Windows, macOS, Linux and mobile. At this …
IoC