This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.
SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
P8RAT
ID: S0626
ⓘ
Associated Software: HEAVYPOT, GreetCake
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.0
Created: 21 June 2021
Last Modified: 14 October 2021
Associated Software Descriptions
| Name | Description |
|---|---|
| HEAVYPOT | |
| GreetCake |
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1001 | .001 | Data Obfuscation: Junk Data |
P8RAT can send randomly-generated data as part of its C2 communication.[1] |
| Enterprise | T1105 | Ingress Tool Transfer |
P8RAT can download additional payloads to a target system.[1] |
|
| Enterprise | T1057 | Process Discovery |
P8RAT can check for specific processes associated with virtual environments.[1] |
|
| Enterprise | T1497 | .001 | Virtualization/Sandbox Evasion: System Checks |
P8RAT can check the compromised host for processes associated with VMware or VirtualBox environments.[1] |
| .003 | Virtualization/Sandbox Evasion: Time Based Evasion |
P8RAT has the ability to "sleep" for a specified time to evade detection.[1] |
||
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0045 | menuPass |
References
×