Malware: STEADYPULSE

Description

[STEADYPULSE](https://attack.mitre.org/software/S1112) is a web shell that infects targeted Pulse Secure VPN servers through modification of a legitimate Perl script that was used as early as 2020 including in activity against US Defense Industrial Base (DIB) entities.(Citation: Mandiant Pulse Secure Zero-Day April 2021)

External References

• mitre-attack
• Mandiant Pulse Secure Zero-Day April 2021

Techniques Used by This Malware

• T1071.001 — Web Protocols
• T1105 — Ingress Tool Transfer
• T1132.001 — Standard Encoding
• T1140 — Deobfuscate/Decode Files or Information
• T1505.003 — Web Shell