S0517: Pillowmint
Pillowmint is a point-of-sale malware used by FIN7 designed to capture credit card information.[1]
PingPull is a remote access Trojan (RAT) written in Visual C++ that has been used by GALLIUM since at least June 2022. PingPull has been used to target telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam.[1]
PipeMon is a multi-stage modular backdoor used by Winnti Group.[1]
Pisloader is a malware family that is notable due to its use of DNS as a C2 protocol as well as its use of anti-analysis tactics. It has been used by APT18 and is similar to another malware family, HTTPBrowser, that has been used by the group.[1]
Playcrypt is a ransomware that has been used by Play since at least 2022 in attacks against the business, government, critical infrastructure, healthcare, and media sectors in North America, South America, and Europe. Playcrypt derives its name from adding the .play extension to encrypted files and has overlap with tactics and tools associated with Hive and Nokoyawa ransomware and infrastructure associated with Quantum ransomware.[1][2][3]
PoetRAT is a remote access trojan (RAT) that was first identified in April 2020. PoetRAT has been used in multiple campaigns against the private and public sectors in Azerbaijan, including ICS and SCADA systems in the energy sector. The STIBNITE activity group has been observed using the malware. PoetRAT derived its name from references in the code to the poet William Shakespeare.[1][2][3]
PolyglotDuke is a downloader that has been used by APT29 since at least 2013. PolyglotDuke has been used to drop MiniDuke.[1]
PoshC2 is an open source remote administration and post-exploitation framework that is publicly available on GitHub. The server-side components of the tool are primarily written in Python, while the implants are written in PowerShell. Although PoshC2 is primarily focused on Windows implantation, it does contain a basic Python dropper for Linux/macOS.[1]
PowGoop is a loader that consists of a DLL loader and a PowerShell-based downloader; it has been used by MuddyWater as their main loader.[1][2]
Power Loader is modular code sold in the cybercrime market used as a downloader in malware families such as Carberp, Redyms and Gapz.[1][2]
PowerExchange is a PowerShell backdoor that has been used by OilRig since at least 2023 including against government targets in the Middle East.[1]
PowerLess is a PowerShell-based modular backdoor that has been used by Magic Hound since at least 2022.[1]
PowerPunch is a lightweight downloader that has been used by Gamaredon Group since at least 2021.[1]
PowerShower is a PowerShell backdoor used by Inception for initial reconnaissance and to download and execute second stage payloads.[1][2]
PowerSploit is an open source, offensive security framework composed of PowerShell modules and scripts that perform a wide range of tasks related to penetration testing such as code execution, persistence, bypassing anti-virus, recon, and exfiltration.[1][2][3]
PowerStallion is a lightweight PowerShell backdoor used by Turla, possibly as a recovery access tool to install other backdoors.[1]
Prestige ransomware has been used by Sandworm Team since at least March 2022, including against transportation and related logistics industries in Ukraine and Poland in October 2022.[1]
Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.