Skip to content

Hide Navigation Hide TOC

XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)

XTunnel a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by APT28 during the compromise of the Democratic National Committee. (Citation: Crowdstrike DNC June 2016) (Citation: Invincea XTunnel) (Citation: ESET Sednit Part 2)

Cluster A Galaxy A Cluster B Galaxy B Level
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 1
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 1
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 1
X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 1
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 1
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia 1
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2