Common Information
| Type | Value |
|---|---|
| Value |
ALMA Communicator |
| Category | Tool |
| Type | Tool |
| Misp Type | Cluster |
| Description | The ALMA Communicator Trojan is a backdoor Trojan that uses DNS tunneling exclusively to receive commands from the adversary and to exfiltrate data. This Trojan specifically reads in a configuration from the cfg file that was initially created by the Clayslide delivery document. ALMA does not have an internal configuration, so the Trojan does not function without the cfg file created by the delivery document. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2021-04-20 | 1764 | Raw Threat Intelligence | ||
| Details | Website | 2020-12-21 | 3 | SolarWinds/SUNBURST: DGA or DNS Tunneling? | ||
| Details | Website | 2019-04-16 | 49 | DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling | ||
| Details | Website | 2017-12-15 | 2 | Introducing the Adversary Playbook: First up, OilRig |