Skip to content

S0158 PHOREAL

PHOREAL is a signature backdoor used by APT32. 1

Item Value
ID S0158
Associated Names
Type MALWARE
Version 1.1
Created 14 December 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.003 Windows Command Shell PHOREAL is capable of creating reverse shell.1
enterprise T1112 Modify Registry PHOREAL is capable of manipulating the Registry.1
enterprise T1095 Non-Application Layer Protocol PHOREAL communicates via ICMP for C2.1

Groups That Use This Software

ID Name References
G0050 APT32 1

References

Back to top