Skip to content

Hide Navigation Hide TOC

SLOWPULSE - S1104 (f8fc98ac-ad6d-44db-b6e2-f0c6eb4eace4)

SLOWPULSE is a malware that was used by APT5 as early as 2020 including against U.S. Defense Industrial Base (DIB) companies. SLOWPULSE has several variants and can modify legitimate Pulse Secure VPN files in order to log credentials and bypass single and two-factor authentication flows.(Citation: Mandiant Pulse Secure Zero-Day April 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
SLOWPULSE - S1104 (f8fc98ac-ad6d-44db-b6e2-f0c6eb4eace4) Malware Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5) Attack Pattern 1
SLOWPULSE - S1104 (f8fc98ac-ad6d-44db-b6e2-f0c6eb4eace4) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 1
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49) Attack Pattern SLOWPULSE - S1104 (f8fc98ac-ad6d-44db-b6e2-f0c6eb4eace4) Malware 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern SLOWPULSE - S1104 (f8fc98ac-ad6d-44db-b6e2-f0c6eb4eace4) Malware 1
SLOWPULSE - S1104 (f8fc98ac-ad6d-44db-b6e2-f0c6eb4eace4) Malware Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) Attack Pattern 1
SLOWPULSE - S1104 (f8fc98ac-ad6d-44db-b6e2-f0c6eb4eace4) Malware Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 1
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2