Frankenstein Variant of the ToneShell Backdoor Targeting Myanmar
ID: 55ae30b9-9b8a-5764-9c19-9d22fc918c4e
STIX ID: report--55ae30b9-9b8a-5764-9c19-9d22fc918c4e
Feed Name: Intezer Blog
Executive summary: This report is a technical analysis of a ToneShell backdoor variant attributed to Mustang Panda. It covers delivery by DLL sideloading; persistence through a copy under AppData and a scheduled task; extensive anti-analysis and stalling techniques; GUID and FakeTLS-like C2 protocol behavior; and IOCs consisting of SHA256 hashes for the files and archives and the C2 endpoint 146.70.29.229:443. The report notes continued targeting of Myanmar and recommends ongoing threat hunting.
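As a starting point for the threat hunting the summary recommends, the following is an added example (not Intezer's tooling and not code from the report) that scans connection logs for the one network IOC this page states, 146.70.29.229:443. The log format and the log lines are constructed for the example; the file and archive SHA256 hashes the summary mentions are not reproduced on this page, so they are not included. A connection to the C2 IP on port 443 is ranked "high", and a connection to the same IP on any other port is ranked "medium" so that a changed listener port is not missed.

```python
"""Hunt constructed connection logs for the ToneShell C2 endpoint.

Added example, not Intezer's tooling. The only IOC taken from the page is
146.70.29.229:443; the log format and every log line below are constructed.
"""
import re
from dataclasses import dataclass

# The single network IOC the summary gives: C2 IP and port.
TONESHELL_C2 = ("146.70.29.229", 443)

# Constructed log format (not a real product's format):
# "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> proto=<p> bytes=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)\s+bytes=(?P<bytes>\d+)$"
)

# Constructed sample input: one benign flow, two hits on the C2 port, one hit on
# a different port, and one malformed line that the parser must skip.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12:51234 -> 93.184.216.34:443 proto=tcp bytes=5120
2024-05-01T10:00:07Z 10.0.0.12:51240 -> 146.70.29.229:443 proto=tcp bytes=812
2024-05-01T10:00:09Z 10.0.0.33:51300 -> 146.70.29.229:80 proto=tcp bytes=64
this line is not a connection record
2024-05-01T10:01:15Z 10.0.0.12:51244 -> 146.70.29.229:443 proto=tcp bytes=3301
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    severity: str  # "high" = IP and port match, "medium" = IP match only


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(dst, dport):
    """Severity for a destination, or None when it is not the C2 IP at all."""
    ioc_ip, ioc_port = TONESHELL_C2
    if dst != ioc_ip:
        return None
    return "high" if dport == ioc_port else "medium"


def hunt(log_text):
    """Scan a log blob and return every flow that touched the C2 IP."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than abort the whole hunt
        dport = int(rec["dport"])
        sev = classify(rec["dst"], dport)
        if sev:
            hits.append(Hit(rec["ts"], rec["src"], rec["dst"], dport, sev))
    return hits


def hosts_to_triage(hits):
    """Internal hosts with at least one high-severity hit, sorted for triage."""
    return sorted({h.src for h in hits if h.severity == "high"})


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for h in found:
        print(h)
    print("triage first:", hosts_to_triage(found))
```

Once the full report is available, the same structure extends to the file IOCs: add the SHA256 values to a set and check file-creation or process-launch records against it, keeping the network hits and the hash hits as separate severities so an analyst can see which evidence each host produced.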
