Plink
Description
(FireEye) A common utility used to tunnel RDP sessions is PuTTY Link, commonly known as Plink. Plink can be used to establish secure shell (SSH) network connections to other systems using arbitrary source and destination ports. Since many IT environments either do not perform protocol inspection or do not block SSH communications outbound from their network, attackers such as FIN8 have used Plink to create encrypted tunnels that allow RDP ports on infected systems to communicate back to the attacker command and control (C2) server.
Names
| Name |
| --- |
| Plink |
| PuTTY Link |
Category
Tools
Type
- Tunneling
Information
AlienVault OTX
Other Information
UUID
598b6f11-cd88-4ce8-8179-ad644c424419
Last Card Change
2020-04-20