S0117 · Windows

S0117 XTunnel

Platforms: 1 · ATT&CK: 14.1 · References: 5

Description

[XTunnel](https://attack.mitre.org/software/S0117) is a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and was reportedly used by [APT28](https://attack.mitre.org/groups/G0007) during the compromise of the Democratic National Committee. (Citation: Crowdstrike DNC June 2016) (Citation: Invincea XTunnel) (Citation: ESET Sednit Part 2)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | APT28 (g0007) | 100% | live |

References

  1. https://attack.mitre.org/software/S0117
  2. https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
  3. https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/
  4. http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf
  5. https://www.symantec.com/blogs/election-security/apt28-espionage-military-government

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Software: X-Tunnel
  - Software: XAgentOSX
  - Software: SHUTTERSPEED
  - Software: Tor
  - Group: APT29
  - Software: SLOWDRIFT

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.