Malware: PULSECHECK

Description

[PULSECHECK](https://attack.mitre.org/software/S1108) is a web shell written in Perl that was used by [APT5](https://attack.mitre.org/groups/G1023) as early as 2020 including against Pulse Secure VPNs at US Defense Industrial Base (DIB) companies.(Citation: Mandiant Pulse Secure Zero-Day April 2021)

External References

• mitre-attack
• Mandiant Pulse Secure Zero-Day April 2021

Techniques Used by This Malware

• T1059.004 — Unix Shell
• T1071.001 — Web Protocols
• T1132.001 — Standard Encoding
• T1505.003 — Web Shell

APT Groups Using This Malware

• APT5