ICMP
Using ICMP requests and replies as a C2 channel.
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
PlugX | malware | 2014 | GlobalThreatIntelReport.pdf, plugx-goes-to-the-registry-and-india.pdf, ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf, P2P_PlugX_Analysis.pdf |
Regin | malware | 2008-2013 | regin-analysis.pdf, Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf, ICIT-Brief-Know-Your-Enemies-2.0.pdf, stamp.jsp?tp=&arnumber=7460498&tag=1 |
Uroburos | malware | 2008-2013 | GData_Uroburos_RedPaper_EN_v1.pdf, ICIT-Brief-Know-Your-Enemies-2.0.pdf |
Group-IB | < threat actor/malware > | 2016-2017 | Group-IB_MoneyTaker_report.pdf, Group-IB_Lazarus.pdf, Anunak_APT_against_financial_institutions.pdf |
APT32 | threat actor | 2014-2017 | SpyRATsofOceanLotusMalwareWhitePaper.pdf, oceanlotus-ships-new-backdoor, oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society |
ProjectSauron | malware | 2011-2016 | The-ProjectSauron-APT_research_KL.pdf |
Backdoor.Remsec | malware | N/A | Symantec_Remsec_IOCs.pdf |
Preventions
<Mitigation techniques>
Detections
<Detection techniques>
Toolkit
<Toolkit instructions, if applicable>
Similar techniques
References
[<Source name>](<Source link>)