PingPull

Malware & Tools · PingPull

· MalwareS1031 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

PingPull is a remote access Trojan (RAT) written in Visual C++ that has been used by GALLIUM since at least June 2022. PingPull has been used to target telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam.(Citation: Unit 42 PingPull Jun 2022)

Tactic Coverage

command and control (5)discovery (3)stealth (3)collection (1)exfiltration (1)execution (1)persistence (1)privilege escalation (1)

Used By (1 groups)

G0093GALLIUMGranite Typhoon

Techniques (15)

T1005Data from Local System

collection

T1016System Network Configuration Discovery

discovery

T1036.004Masquerade Task or Service

stealth

T1041Exfiltration Over C2 Channel

exfiltration

T1059.003Windows Command Shell

execution

T1070.006Timestomp

stealth

T1071.001Web Protocols

References

https://attack.mitre.org/software/S1031 https://unit42.paloaltonetworks.com/pingpull-gallium/