XTunnel a VPN-like network proxy tool that can relay traffic between a C2 server and a victim. It was first seen in May 2013 and reportedly used by APT28 during the compromise of the Democratic National Committee.   
Associated Software: Trojan.Shunnael, X-Tunnel, XAPS
Created: 31 May 2017
Last Modified: 21 March 2020
Associated Software Descriptions
|Enterprise||T1059||.003||Command and Scripting Interpreter: Windows Command Shell|
|Enterprise||T1573||.002||Encrypted Channel: Asymmetric Cryptography|
|Enterprise||T1046||Network Service Scanning|
|Enterprise||T1027||Obfuscated Files or Information|
|Enterprise||T1552||.001||Unsecured Credentials: Credentials In Files|
Groups That Use This Software
- Alperovitch, D.. (2016, June 15). Bears in the Midst: Intrusion into the Democratic National Committee. Retrieved August 3, 2016.
- Belcher, P.. (2016, July 28). Tunnel of Gov: DNC Hack and the Russian XTunnel. Retrieved August 3, 2016.
- ESET. (2016, October). En Route with Sednit - Part 2: Observing the Comings and Goings. Retrieved November 21, 2016.
- Symantec Security Response. (2018, October 04). APT28: New Espionage Operations Target Military and Government Organizations. Retrieved November 14, 2018.
- ESET. (2016, October). En Route with Sednit - Part 3: A Mysterious Downloader. Retrieved November 21, 2016.
- Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.