# CASTLETAP

> Type: **malware** · S1224 · [MITRE ATT&CK](https://attack.mitre.org/software/S1224)

## Description

[[s1224-castletap|CASTLETAP]] is an ICMP port-knocking backdoor installed on FortiGate firewalls compromised by [[g1048-unc3886|UNC3886]].

**Platforms:** Network Devices

## Techniques Used

- [[t1059-004-unix-shell|T1059.004 - Unix Shell]]
- [[t1205-002-socket-filters|T1205.002 - Socket Filters]]
- [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]]
- [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscate/Decode Files or Information]]
- [[t1573-002-asymmetric-cryptography|T1573.002 - Asymmetric Cryptography]]
- [[t1040-network-sniffing|T1040 - Network Sniffing]]
- [[t1573-001-symmetric-cryptography|T1573.001 - Symmetric Cryptography]]
- [[t1005-data-from-local-system|T1005 - Data from Local System]]

## Groups That Use It

- [[g1048-unc3886|UNC3886]]

## References

- [MITRE ATT&CK - S1224](https://attack.mitre.org/software/S1224)