Warning for Asset Management Program (TCO!Stream) Vulnerability and Update Recommendation

Vulnerable Software and Overview

TCO!Stream is an asset management solution developed by the Korean company, MLsoft. Consisting of a server and a client, administrators can use the console program to perform asset management work by accessing the server. TCO!Stream offers various features for asset management, but there is a process that runs constantly on the client in order to receive commands from the server. Commands are performed through this process. This management solution is exposed to vulnerability attacks that could exploit this program to execute codes remotely, so it must be updated to the most recent version.

Description of the Vulnerability

This vulnerability was first discovered and reported by AhnLab and the vulnerable versions of TCO!Stream are at risk of Remote Code Execution (RCE) vulnerability attacks.

Patch Target and Versions

TCO!Stream versions or earlier

Vulnerability Exploitation Log (Lazarus)

During the analysis process of a client company’s infiltration case, it was discovered that the TCO!Stream solution was exploited by a threat actor to execute their code remotely through multiple PCs and install backdoors.

Figure 1. History of exploitations from the Lazarus group


Users must check their program version by following the steps below and update their program to the latest version (versions or above).
– Service operator: Replace with the latest version through MLsoft
– Service user: Updated automatically when the operator switches to the latest version


Trojan/Win.Agent.C5356408 (2023.01.12.03)


– e7c9bf8bf075487a2d91e0561b86d6f5


  1. https://knvd.krcert.or.kr/detailSecNo.do?IDX=5881
  2. http://mlsoft.com/bbs/board.php?bo_table=54_1
  3. https://atip.ahnlab.com/ti/contents/asec-notes?i=11d64889-76f5-40a5-86d3-8319e1bef763

Subscribe to AhnLab’s next-generation threat intelligence platform ‘AhnLab TIP’ to check related IOC and detailed analysis information.

5 1 vote
Article Rating
Notify of

Inline Feedbacks
View all comments