S0508Windows

S0508ngrok

Platforms
1
ATT&CK
14.1
References
5

Description

[ngrok](https://attack.mitre.org/software/S0508) is a legitimate reverse proxy tool that can create a secure tunnel to servers located behind firewalls or on local machines that do not have a public IP. [ngrok](https://attack.mitre.org/software/S0508) has been leveraged by threat actors in several campaigns including use for lateral movement and data exfiltration.(Citation: Zdnet Ngrok September 2018)(Citation: FireEye Maze May 2020)(Citation: Cyware Ngrok May 2019)(Citation: MalwareBytes LazyScripter Feb 2021)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0508
  2. https://www.zdnet.com/article/sly-malware-author-hides-cryptomining-botnet-behind-ever-shifting-proxy-service/
  3. https://cyware.com/news/cyber-attackers-leverage-tunneling-service-to-drop-lokibot-onto-victims-systems-6f610e44
  4. https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf
  5. https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
Anchor
Software
Socksbot
Software
EVILNUM
CVE
CVE-2025-57282
Software
MoleNet
Software
NOKKI
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.