Names | FunnyDream
Category | Malware
Type | Backdoor, Dropper, Loader, Exfiltration
Description | (Bitdefender) The attackers used the backdoor prevalently as DLL files, but we observed an executable to be used as well. The files we found implement many persistence mechanisms, their droppers and loaders use many different file names for the payload, all of that suggesting that the backdoor is custom made.
Information | <https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf> <https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf> <https://nao-sec.org/2021/01/royal-road-redive.html> <https://insight-jp.nttsecurity.com/post/102glv5/pandas-new-arsenal-part-3-smanager>
MITRE ATT&CK | <https://attack.mitre.org/software/S1044/>
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.funny_dream>
Last change to this tool card: 30 December 2022
APT groups
Changed | Name | Country | Observed
 | FunnyDream | | 2018
1 group listed (1 APT, 0 other, 0 unknown)