TONEDEAF

Description

(FireEye) TONEDEAF is a backdoor that communicates with Command and Control servers using HTTP or DNS. Supported commands include system information collection, file upload, file download, and arbitrary shell command execution. Although this backdoor was coded to be able to communicate with DNS requests to the hard-coded Command and Control server, c[.]cdn-edge-akamai[.]com, it was not configured to use this functionality.

Names

Name
TONEDEAF

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Tunneling
  • Info stealer
  • Exfiltration

Information

Malpedia

AlienVault OTX

Other Information

UUID

fe0cfb06-ded6-4220-90c8-038cb2e88126

Last Card Change

2021-04-24