TABLEFLIP

Description

(Mandiant) To enable continued access directly from the Internet, the threat actor implemented TABLEFLIP (MD5: b6e92149efaf78e9ce7552297505b9d5), a passive traffic redirection utility that listens on all active interfaces for specialized command packets. With this utility in place, and regardless of the ACLs in place, the threat actor would be able to connect directly to the FortiManager as seen in Figure 15.

Names

Name
TABLEFLIP

Category

Malware

Type

  • Tunneling

Information

Other Information

Uuid

a7e011e1-7edd-4166-9582-3e200d13910c

Last Card Change

2024-08-26