#Toneshell - Twitter Hashtag

5 months ago

APT Analysis: Mustang Panda & ToneShell #MustangPanda #ToneShell #APT #CyberSecurity #ThreatIntel #MalwareAnalysis #Rootkit #امنیت_سایبری #تهدیدات_سایبری #تحلیل_بدافزار 1/6

1

2

0

210

Mr.Rabbit

@01ra66it

5 months ago

ToneShellは中国系APTが使う長期潜伏型バックドア。低ノイズC2と高い隠蔽性で諜報活動を継続。最近はrootkit併用で不可視化も強化。検知＝既に深部侵害の可能性。#APT #ToneShell #CyberEspionage https://t.co/fsv4GkgTIW

0

3

1

0

402

Hackread.com @HackRead

5 months ago

HoneyMyte aka Mustang Panda is using a signed rootkit to drop the #ToneShell backdoor in ongoing attacks, hiding its activity from security tools and giving attackers remote access to system. Read: https://t.co/31dsia9x3r #CyberSecurity #HoneyMyte #MustangPanda #Malware

0

9

5

1

1K

Threat Intelligence @threatintel

9 months ago

#ThreatProtection New campaign distributing #SnakeDisk worm and the #Toneshell #backdoor, read more about Symantec's protection: https://t.co/CR5YmChmPX

0

1

0

1K

Mr.Rabbit

@01ra66it

9 months ago

Mustang Panda 最新攻撃：タイ限定の USB ワーム SnakeDisk による拡散＋隠蔽 Yokai バックドアドロップ。ToneShell8/9 バージョンは FakeTLS/TLS 1.3 頭出し／PRNG 隠蔽などで検出回避。#MustangPanda #USBWorm #ToneShell https://t.co/l5sz3Nx1OR

0

2

0

585

Threat Intelligence @threatintel

9 months ago

#ThreatProtection #Fireant group continues targeting Myanmar with #ToneShell #malware, read more: https://t.co/pFdIjwzmo0

0

1

1K

yed @frdfzi

10 months ago

Cyber_Safety_Checklist_2025.rar #ToneShell uploaded from SG in 2025-07-30.. Is HoneyMyte (Mustang Panda) currently targeting Singapore? I'm not sure... https://t.co/grZBhqKPD0 CC: @douglasmun

yed @frdfzi

10 months ago

Hotel Booking Request.7z #ToneShell's HoneyMyte, uploaded from Singapore last month https://t.co/LRn8C3YVrk

1

33

12

4

6K

1

43

11

14

3K

yed @frdfzi

10 months ago

Hotel Booking Request.7z #ToneShell's HoneyMyte, uploaded from Singapore last month https://t.co/LRn8C3YVrk

1

33

12

4

6K

Threat Intelligence @threatintel

10 months ago

#ThreatProtection #ToneShell #backdoor continues to be leveraged by the #Fireant #APT, read more about Symantec's protection: https://t.co/ORlcgjIJsk

0

2

0

2K

Hunt.io

@Huntio

11 months ago

💡 A deep look into attacker behavior through open data. https://t.co/eFAOiVVMi1 Our research led us to a cyber espionage campaign using the #ToneShell backdoor, targeted attendees of the 2024 #IISS #DefenceSummit in Prague. The attack employed a malicious PIF file disguised as the summit agenda, which upon execution, deployed SFFWallpaperCore.exe and libemb.dll. See what we found ⬇️ #CyberSecurity #ThreatHunting #MalwareAnalysis

0

22

5

2

1K

neeraj @knight0x07

about 1 year ago

Identified that the RC4 key used in #MustangPanda's new #keylogger #CorKLOG is identical to RC4 key found in 2023 #ToneShell variant deployed in a campaign attributed to Chinese TA #CeranaKeeper (@ESETresearch) #cyber #dfir #infosec #cybersecurity #malware #threatintel #cti #apt

knight0x07's tweet photo. Identified that the RC4 key used in #MustangPanda's new #keylogger #CorKLOG is identical to RC4 key found in 2023 #ToneShell variant deployed in a campaign attributed to Chinese TA #CeranaKeeper (@ESETresearch)

#cyber #dfir #infosec #cybersecurity #malware #threatintel #cti #apt https://t.co/6L0RfCvsC4

0

38

12

3

3K

Kevin Thomas @mytechnotalent

over 1 year ago

Mustang Panda is using MAVInject.exe to inject malware into waitfor.exe, bypassing ESET with a TONESHELL backdoor. Memorizing policies and chasing non-technical certs won’t stop real attackers. #CyberSecurity #ThreatHunting #APT #MAVInject #TONESHELL https://t.co/ojw7ejVvuo

0

2

0

189

yed @frdfzi

over 1 year ago

Potential Mustang Panda's #ToneShell with low detection, uploaded from Turkey. https://t.co/1gHktnhAFx

0

22

4

2

849

FatzQatz @FatzQatz

over 1 year ago

@ESETresearch Sigma and YARA rules to detect #PoohLoader and #Toneshell are now available on my GitHub. Check them out! https://t.co/HS7wEHOf9p

0

7

3

5

835

FatzQatz @FatzQatz

over 1 year ago

(malicious) EACore.dll https://t.co/Okyzt05v46 C2 - www.militarytc[.]com:443 #malware #mustangpanda #toneshell

1

7

3

1

872

FatzQatz @FatzQatz

over 1 year ago

A new Mustang Panda loader? It checks for @ESET AV and, if detected, uses LOLBins (Mavinject) to inject #Toneshell into waitfor.exe. Setup Factory → DLL Side-loading (EACore.dll) → regsvr32 → Mavinject → Waitfor → Toneshell. I’m calling it #PoohLoader🤣 FYI: @salmanvsf

FatzQatz's tweet photo. A new Mustang Panda loader? It checks for @ESET AV and, if detected, uses LOLBins (Mavinject) to inject #Toneshell into waitfor.exe.

Setup Factory → DLL Side-loading (EACore.dll) → regsvr32 → Mavinject → Waitfor → Toneshell.

I’m calling it #PoohLoader🤣

FYI: @salmanvsf https://t.co/62tc5M3oXE

5

141

43

65

12K

yed @frdfzi

over 1 year ago

#ToneShell uploaded VT from TH Notice of Final Meeting - bcbea3850e69e2884d7cd4d03c5ac851 Attendee list template (24-6-2024) - e21ed2212f38d8db35507f793c5b5f2a Invitation letter - 0873d4d8db314710c63448be9b9e5a45 C2 47.89.131.190 45.144.165.66 185.62.57.118 #MustangPanda

0

19

3

2K

安坂星海 Azaka || VTuber

@AzakaSekai_

over 1 year ago

https://t.co/G4Kg5cGigj This sounds like #TOneShell than a new variant - even down to the YK prefix. This is not a new malware. @netskop

2

3

0

1

402

Hunter For Fun @Thisism23567356

over 1 year ago

New C2 servers related to Chinese #APT group #MustangPanda (AKA #EarthPreta) communicating from #Toneshell malwares: srv1[.]blackberrygame[.]com 146[.]70.149.186 @TrendMicroRSRCH

2

65

19

32

7K

yed @frdfzi

over 1 year ago

#ToneShell #MustangPanda Uploaded from India on 2024-11-14 06:13:40 UTC https://t.co/McwKU8mU0v opera_elf.dll PDB: E:\\https://t.co/eC6yjaOZ0v\\Release\\https://t.co/eC6yjaOZ0v.pdb C2: formainservercheap[.]com 65.20.73[.]88

0

29

11

6

3K

Top Tweets for #Toneshell

Last Seen Hashtags on Sotwe

Trends for you

Most Popular Users