Tag: behinder

2 Attack Reports | 0 Vulnerabilities

Attack reports

Analysis of an incident involving a web shell used as a backdoor

A SOC investigation uncovered a web shell attack on a government SharePoint server in Southeast Asia. The attackers used certutil to download an ASPX payload disguised as a 404 page, then employed Potato tools for privilege escalation. Analysis revealed the web shell to be Behinder, a modular backd…
privilege escalation
badpotato
behinder
godpotato
web shell
southeast asia
2025-02-28
memory-based threats
sweetpotato
potato tools
Published: February 28, 2025
Downloadable IOCs: 0

Analysis of Coin Miner Attack Case Against Domestic Web Server

ASEC has recently confirmed an attack on a domestic medical institution to install a coin miner. The web server that was targeted was a Windows IIS server, and the path name on which the web shell was uploaded suggests that it is a system with the Picture Archiving and Communication System (PACS) p…
xmrig
2024-06-18
godzilla
aspxspy
badpotato
CVE-2021-1732
coin miner
certutil
iis sever
caidao
chopper
behinder
godpotato
ringq
Published: June 18, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports