PingPull

Description

(Palo Alto) PingPull has the capability to leverage three protocols (ICMP, HTTP(S) and raw TCP) for command and control (C2). While the use of ICMP tunneling is not a new technique, PingPull uses ICMP to make it more difficult to detect its C2 communications, as few organizations implement inspection of ICMP traffic on their networks. This blog provides a detailed breakdown of this new tool as well as the GALLIUM group’s recent infrastructure.

Names

Name
PingPull

Category

Malware

Type

  • Backdoor

Information

MITRE ATT&CK

Malpedia

Other Information

Uuid

810f83c1-2cc8-44a2-9fee-e24e84dfc349

Last Card Change

2023-06-22