
PHOREAL

aka Rizzo

Phoreal is a very simple backdoor that is capable of creating a reverse shell, performing simple file I/O and top-level window enumeration.

PHOREAL, also known as Rizzo, is a Windows malware family operated by APT32.

Background

Beyond the reverse shell, basic file I/O, and top-level window enumeration noted above, PHOREAL's distinguishing trait is its command-and-control channel: it contacts four hardcoded C2 servers over ICMP. The source describes this as "ICMP over port 53"; ICMP carries no port field, so that wording is imprecise and should not be turned into a port-based filter. For detection purposes, treat it as repeated ICMP traffic from an internal host to a small, fixed set of external addresses, which stands out in environments where outbound ICMP is normally limited to ad hoc diagnostics.
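The detection angle above, as an added example: this script is not PHOREAL's code and is not from Malpedia or the original vendor report. It runs a simple beaconing heuristic over a constructed Zeek conn.log-style excerpt (tab-separated ts, id.orig_h, id.resp_h, proto), grouping ICMP events by (source, external destination) and flagging pairs whose inter-event gaps are both numerous and nearly constant, the signature of a timer-driven C2 check-in. The "C2" addresses (203.0.113.10, 203.0.113.11, 198.51.100.4, all from documentation ranges), the internal-network list, and the thresholds are assumptions to tune per site.

```python
"""Flag hosts that beacon over ICMP to a fixed set of external addresses.

Added example for the PHOREAL entry; not PHOREAL's code, nor code from
Malpedia or the original vendor report.  The log excerpt is constructed,
the "C2" addresses are assumed (documentation ranges), and the thresholds
are assumed starting points.
"""
import ipaddress
import statistics
from collections import defaultdict

# Ranges treated as internal.  ICMP between internal hosts (monitoring,
# troubleshooting) is expected and is excluded.  Site-specific assumption.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: 10.0.0.5 beacons every ~30 s to 203.0.113.10 (five
# events) and three times to 203.0.113.11; 10.0.0.7 pings an internal
# gateway; 10.0.0.9 sends irregular ICMP to 198.51.100.4; one TCP flow.
SAMPLE_LOG = """\
1700000000.0\t10.0.0.5\t203.0.113.10\ticmp
1700000030.1\t10.0.0.5\t203.0.113.10\ticmp
1700000060.0\t10.0.0.5\t203.0.113.10\ticmp
1700000089.9\t10.0.0.5\t203.0.113.10\ticmp
1700000120.0\t10.0.0.5\t203.0.113.10\ticmp
1700000005.0\t10.0.0.5\t203.0.113.11\ticmp
1700000035.0\t10.0.0.5\t203.0.113.11\ticmp
1700000065.0\t10.0.0.5\t203.0.113.11\ticmp
1700000001.0\t10.0.0.7\t10.0.0.1\ticmp
1700000002.0\t10.0.0.7\t10.0.0.1\ticmp
1700000003.0\t10.0.0.7\t10.0.0.1\ticmp
1700000004.0\t10.0.0.7\t10.0.0.1\ticmp
1700000005.0\t10.0.0.7\t10.0.0.1\ticmp
1700000010.0\t10.0.0.9\t198.51.100.4\ticmp
1700000300.0\t10.0.0.9\t198.51.100.4\ticmp
1700000310.0\t10.0.0.9\t198.51.100.4\ticmp
1700001900.0\t10.0.0.9\t198.51.100.4\ticmp
1700002000.0\t10.0.0.9\t198.51.100.4\ticmp
1700000050.0\t10.0.0.5\t10.0.0.8\ttcp
"""


def parse_conn_log(text):
    """Return (ts, orig, resp, proto) tuples; skips comments and blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig, resp, proto = line.split("\t")[:4]
        records.append((float(ts), orig, resp, proto))
    return records


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def icmp_pairs(records):
    """Group ICMP timestamps by (source, external destination)."""
    pairs = defaultdict(list)
    for ts, orig, resp, proto in records:
        if proto == "icmp" and not is_internal(resp):
            pairs[(orig, resp)].append(ts)
    return pairs


def beacon_score(timestamps):
    """Return (event count, mean gap, coefficient of variation of the gaps).

    A low coefficient of variation means the gaps are nearly constant, which
    is what a timer-driven check-in looks like; ad hoc traffic is jittery.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return len(ts), None, None
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
    return len(ts), mean, cv


def find_icmp_beacons(text, min_events=5, max_cv=0.2):
    """Return flagged (source, destination) pairs with timing statistics."""
    flagged = []
    for (orig, resp), stamps in icmp_pairs(parse_conn_log(text)).items():
        n, mean, cv = beacon_score(stamps)
        if n >= min_events and cv is not None and cv <= max_cv:
            flagged.append({"src": orig, "dst": resp, "events": n,
                            "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return flagged


if __name__ == "__main__":
    for hit in find_icmp_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst']}: {hit['events']} ICMP events, "
              f"every ~{hit['interval_s']} s (cv={hit['cv']})")
```

With the defaults only the five-event, 30-second series to 203.0.113.10 is flagged; the three-event series falls below `min_events`, the internal pings are excluded by address, and the irregular external ICMP is rejected by its jitter. Lowering `min_events` to 3 picks up the second series, which is the trade-off to make deliberately: a malware family with a handful of fixed C2 addresses rewards grouping hits by source host and looking for one host talking to several of them.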


Source: Malpedia (Fraunhofer FKIE).