PLAINTEE
Description
(Palo Alto) PLAINTEE is unusual in that it uses a custom UDP protocol for its network communications.
PLAINTEE will create a unique GUID via a call to CoCreateGuid() to be used as an identifier for the victim. The malware then proceeds to collect general system enumeration data about the infected machine and enters a loop where it will decode an embedded config blob and send an initial beacon to the C2 server.
Names
| Name |
|---|
| PLAINTEE |
Category
Malware
Type
- Reconnaissance
- Backdoor
Information
MITRE ATT&CK
Malpedia
AlienVault OTX
Other Information
Uuid
4e8876cc-a6e4-4e3b-8637-e77d6363a1ad
Last Card Change
2020-04-23