Software: Pteranodon

From ATT&CK
Jump to: navigation, search
Pteranodon
Software
ID S0147
Aliases Pteranodon
Type Malware

Pteranodon is a custom backdoor used by Gamaredon Group.1

Techniques Used

  • Screen Capture - Pteranodon can capture screenshots at a configurable interval.1
  • File Deletion - Pteranodon can delete files that may interfere with it executing. It also can delete temporary files and itself after the initial script executes.1
  • Rundll32 - Pteranodon executes functions using rundll32.exe.1
  • Scheduled Task - Pteranodon schedules tasks to invoke its components in order to establish persistence.1
  • Data Staged - Pteranodon creates various subdirectories under %Temp%\reports\% and copies files to those subdirectories. It also creates a folder at C:\Users\<Username>\AppData\Roaming\Microsoft\store to store screenshot JPEG files.1

Groups

The following groups use this software: