ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool TONESHELL

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: TONESHELL

NamesTONESHELL
CategoryMalware
TypeBackdoor
Description(Trend Micro) The TONESHELL malware is the main backdoor used in this campaign. It is a shellcode loader that loads and decodes the backdoor shellcode with a 32-byte key in memory. In the earlier version of TONESHELL, it has the capabilities from TONEINS malware, including establishing persistence and installing backdoors. However, the more recent version of TONESHELL is a standalone backdoor without any installer capabilities (such as the file ~$Talk points.docx). It is also obfuscated in a similar fashion to TONEINS malware, indicating that the actors continue to update the arsenal and separate the tools in order to bypass detection.
Information<https://www.trendmicro.com/en_us/research/22/k/earth-preta-spear-phishing-governments-worldwide.html>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.toneshell>

Last change to this tool card: 22 June 2023

Download this tool card in JSON format

Previous: TONEINS
Next: Tonnerre

All groups using tool TONESHELL

ChangedNameCountryObserved

APT groups

XMustang Panda, Bronze PresidentChina2012-Nov 2023 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]