ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool FunnySwitch

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: FunnySwitch

NamesFunnySwitch
RouterGod
CategoryMalware
TypeLoader, Backdoor
Description(Trend Micro) FunnySwitch is a .NET Framework backdoor that usually starts with the “MITRE – Hijack Execution Flow: DLL Search Order Hijacking” technique and executes inside a legal process that was mentioned and analyzed by Positive Technologies in 2020.
Information<https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf>
<https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/higaisa-or-winnti-apt-41-backdoors-old-and-new/>

Last change to this tool card: 19 July 2022

Download this tool card in JSON format

All groups using tool FunnySwitch

ChangedNameCountryObserved

APT groups

XAPT 41China2012-Aug 2021X
 Earth LuscaChina2019 
XWinnti Group, Blackfly, Wicked PandaChina2010-Mar 2021 

3 groups listed (3 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]