Skip to content

<<< Hide Navigation Hide TOC >>>

PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1)

PingPull is a remote access Trojan (RAT) written in Visual C++ that has been used by GALLIUM since at least June 2022. PingPull has been used to target telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam.(Citation: Unit 42 PingPull Jun 2022)

Galaxy ColorsMalwareAttack Pat...
Rows: 22
Loading extensions...
Collapse filters
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Cluster A Galaxy A Cluster B Galaxy B Level
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
PingPull - S1031 (3a0f6128-0a01-421d-8eca-e57d8671b1f1) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2