
PACEMAKER

PACEMAKER is a credential stealer that was used by APT5 as early as 2020, including in activity against US Defense Industrial Base (DIB) companies.[1]

ID: S1109
Type: MALWARE
Platforms: Network Devices, Linux
Version: 1.1
Created: 08 February 2024
Last Modified: 15 April 2025

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1119 | Automated Collection | PACEMAKER can enter a loop to read /proc/ entries every 2 seconds in order to read a target application's memory.[1] |
| Enterprise | T1059.004 | Command and Scripting Interpreter: Unix Shell | PACEMAKER can use a simple bash script for execution.[1] |
| Enterprise | T1074.001 | Data Staged: Local Data Staging | PACEMAKER has written extracted data to tmp/dsserver-check.statementcounters.[1] |
| Enterprise | T1083 | File and Directory Discovery | PACEMAKER can parse /proc/"process_name"/cmdline to look for the string dswsd within the command line.[1] |
| Enterprise | T1003.007 | OS Credential Dumping: Proc Filesystem | PACEMAKER has the ability to extract credentials from OS memory.[1] |
| Enterprise | T1055.008 | Process Injection: Ptrace System Calls | PACEMAKER can use PTRACE to attach to a targeted process to read process memory.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G1023 | APT5 | [1] |

References
