Malware: SLIGHTPULSE

Description

[SLIGHTPULSE](https://attack.mitre.org/software/S1110) is a web shell that was used by [APT5](https://attack.mitre.org/groups/G1023) as early as 2020 including against Pulse Secure VPNs at US Defense Industrial Base (DIB) entities.(Citation: Mandiant Pulse Secure Zero-Day April 2021)

External References

• mitre-attack
• Mandiant Pulse Secure Zero-Day April 2021

Techniques Used by This Malware

• T1005 — Data from Local System
• T1059 — Command and Scripting Interpreter
• T1071.001 — Web Protocols
• T1074.001 — Local Data Staging
• T1105 — Ingress Tool Transfer
• T1132.001 — Standard Encoding
• T1140 — Deobfuscate/Decode Files or Information
• T1505.003 — Web Shell
• T1573.001 — Symmetric Cryptography

APT Groups Using This Malware

• APT5