Description
[FunnyDream](https://attack.mitre.org/software/S1044) is a backdoor with multiple components that was used during the [FunnyDream](https://attack.mitre.org/campaigns/C0007) campaign since at least 2019, primarily for execution and exfiltration.(Citation: Bitdefender FunnyDream Campaign November 2020)
External References
Techniques Used by This Malware
- T1001 — Data Obfuscation
- T1005 — Data from Local System
- T1010 — Application Window Discovery
- T1012 — Query Registry
- T1016 — System Network Configuration Discovery
- T1018 — Remote System Discovery
- T1025 — Data from Removable Media
- T1027.013 — Encrypted/Encoded File
- T1033 — System Owner/User Discovery
- T1036.004 — Masquerade Task or Service
- T1041 — Exfiltration Over C2 Channel
- T1047 — Windows Management Instrumentation
- T1055.001 — Dynamic-link Library Injection
- T1056.001 — Keylogging
- T1057 — Process Discovery
- T1059.003 — Windows Command Shell
- T1070 — Indicator Removal
- T1070.004 — File Deletion
- T1074.001 — Local Data Staging
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1090 — Proxy
- T1095 — Non-Application Layer Protocol
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1113 — Screen Capture
- T1119 — Automated Collection
- T1120 — Peripheral Device Discovery
- T1124 — System Time Discovery
- T1218.011 — Rundll32
- T1518.001 — Security Software Discovery
- T1543.003 — Windows Service
- T1547.001 — Registry Run Keys / Startup Folder
- T1559.001 — Component Object Model
- T1560.002 — Archive via Library
- T1560.003 — Archive via Custom Method
- T1572 — Protocol Tunneling