PingRAT: secretly passes C2 traffic through firewalls using ICMP payloads

by Nam Phong · February 6, 2025

PingRAT

PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.

Features:

Uses ICMP for Command and Control
Undetectable by most AV/EDR solutions
Written in Go

Use

Server

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”.%2Fserver%20-h%0AUsage%20of%20.%2Fserver%3A%0A%20%20-d%20string%0A%20%20%20%20%09Destination%20IP%20address%0A%20%20-i%20string%0A%20%20%20%20%09Listener%20(virtual)%20Network%20Interface%20(e.g.%20eth0)%0A”/]

Client

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”.%2Fclient%20-h%0AUsage%20of%20.%2Fclient%3A%0A%20%20-d%20string%0A%20%20%20%20%09Destination%20IP%20address%0A%20%20-i%20string%0A%20%20%20%20%09(Virtual)%20Network%20Interface%20(e.g.%2C%20eth0)”/]

Download

Copyright (C) 2023

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Tags: ICMP payloads

Leave a Reply Cancel reply

You must be logged in to post a comment.