– Glimpse (newer version of a PowerShell-based trojan that Palo Alto Networks names BondUpdater)
– PoisonFrog (older version of BondUpdater)
– HyperShell (web shell that Palo Alto Networks calls TwoFace)
– HighShell (another web shell)
– Fox Panel (phishing kit)
– Webmask (DNS tunneling, main tool behind DNSpionage)
data taken from victims that had been collected in some of APT34’s backend command-and-control (C&C) servers.
Dookhtegan also leaked data about past APT34 operations, listing the IP addresses and domains where the group had hosted web shells, along with other operational data.