PingPull
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | A PingPull variant can communicate with its C2 servers by using HTTPS.(Citation: Unit 42 PingPull Jun 2022) |
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | PingPull can use `cmd.exe` to run various commands as a reverse shell.(Citation: Unit 42 PingPull Jun 2022) |
| Enterprise | T1543.003 | Create or Modify System Process: Windows Service | PingPull has the ability to install itself as a service.(Citation: Unit 42 PingPull Jun 2022) |
| Enterprise | T1132.001 | Data Encoding: Standard Encoding | PingPull can encode C2 traffic with Base64.(Citation: Unit 42 PingPull Jun 2022) |
| Enterprise | T1573.001 | Encrypted Channel: Symmetric Cryptography | PingPull can use AES, in cipher block chaining (CBC) mode padded with PKCS5, to encrypt C2 server communications.(Citation: Unit 42 PingPull Jun 2022) |
| Enterprise | T1070.006 | Indicator Removal: Timestomp | PingPull has the ability to timestomp a file.(Citation: Unit 42 PingPull Jun 2022) |
| Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | PingPull can mimic the names and descriptions of legitimate services such as `iphlpsvc`, `IP Helper`, and `Onedrive` to evade detection.(Citation: Unit 42 PingPull Jun 2022) |