Pnscan Binary Data Transmission Activity (97de11cd-4b67-4abf-9a8b-1020e670aa9e)
Detects command line patterns associated with the use of Pnscan for sending and receiving binary data across the network. This behavior has been identified in a Linux malware campaign targeting Docker, Apache Hadoop, Redis, and Confluence and was previously used by the threat actor known as TeamTNT
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | Pnscan Binary Data Transmission Activity (97de11cd-4b67-4abf-9a8b-1020e670aa9e) | Sigma-Rules | 1 |