Skip to content

S0626 P8RAT

P8RAT is a fileless malware used by menuPass to download and execute payloads since at least 2020.1

Item Value
ID S0626
Associated Names HEAVYPOT, GreetCake
Version 1.0
Created 21 June 2021
Last Modified 14 October 2021
Navigation Layer View In ATT&CK® Navigator

Associated Software Descriptions

Name Description
GreetCake 1

Techniques Used

Domain ID Name Use
enterprise T1001 Data Obfuscation -
enterprise T1001.001 Junk Data P8RAT can send randomly-generated data as part of its C2 communication.1
enterprise T1105 Ingress Tool Transfer P8RAT can download additional payloads to a target system.1
enterprise T1057 Process Discovery P8RAT can check for specific processes associated with virtual environments.1
enterprise T1497 Virtualization/Sandbox Evasion -
enterprise T1497.001 System Checks P8RAT can check the compromised host for processes associated with VMware or VirtualBox environments.1
enterprise T1497.003 Time Based Evasion P8RAT has the ability to “sleep” for a specified time to evade detection.1

Groups That Use This Software

ID Name References
G0045 menuPass 1