PORTHOLE

Description

(Mandiant) FIN13 used PORTHOLE, a Java-based port scanner, to conduct network research. PORTHOLE may attempt multiple socket connections to many IPs and ports and, as it is multi-threaded, can execute this operation rapidly with potentially multiple overlapping connections. The malware accepts as its first argument either an IP address with wildcards in the address, or a filename. The second argument is the starting port range to scan for each IP, and the third is the ending port range.

Names

Name
PORTHOLE

Type

Reconnaissance

Information

https://www.mandiant.com/resources/fin13-cybercriminal-mexico

Other Information

Uuid

c840fb35-74e8-4953-a1a5-58b7607053bf

Last Card Change

2021-12-26

Threat Intelligence Garden

Explorer

PORTHOLE

PORTHOLE

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks