PITSTOP - S1123 (d79b1800-3b5d-4a4f-8863-8251eca793e2)

PITSTOP is a backdoor that was deployed on compromised Ivanti Connect Secure VPNs during Cutting Edge to enable command execution and file read/write.(Citation: Mandiant Cutting Edge Part 3 February 2024)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | PITSTOP - S1123 (d79b1800-3b5d-4a4f-8863-8251eca793e2) | Malware | 1 |
| PITSTOP - S1123 (d79b1800-3b5d-4a4f-8863-8251eca793e2) | Malware | Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520) | Attack Pattern | 1 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | PITSTOP - S1123 (d79b1800-3b5d-4a4f-8863-8251eca793e2) | Malware | 1 |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | PITSTOP - S1123 (d79b1800-3b5d-4a4f-8863-8251eca793e2) | Malware | 1 |
| Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) | Attack Pattern | PITSTOP - S1123 (d79b1800-3b5d-4a4f-8863-8251eca793e2) | Malware | 1 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | 2 |
| Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) | Attack Pattern | Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520) | Attack Pattern | 2 |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |