PHOREAL

PHOREAL is a signature backdoor used by APT32. [1]

ID: S0158
Aliases: PHOREAL
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

Name | Description
PHOREAL | [1]

Techniques Used

Domain | ID | Name | Use
Enterprise | T1059 | Command-Line Interface | PHOREAL is capable of creating a reverse shell.[1]
Enterprise | T1094 | Custom Command and Control Protocol | PHOREAL communicates via ICMP for C2.[1]
Enterprise | T1112 | Modify Registry | PHOREAL is capable of manipulating the Registry.[1]
Enterprise | T1095 | Standard Non-Application Layer Protocol | PHOREAL communicates via ICMP for C2.[1]

Groups

Groups that use this software:

APT32

References