Tag: godzilla

5 Attack Reports | 0 Vulnerabilities

Attack reports

The Espionage Toolkit: A Closer Look at its Advanced Techniques

Earth Alux, a China-linked APT group, is actively conducting cyberespionage attacks against key sectors in the APAC and Latin American regions. The group exploits vulnerable services in exposed servers to gain initial access and deploys web shells like GODZILLA. Their primary backdoor, VARGEIT, is …
apt
cyberespionage
godzilla
dll side-loading
latin america
2025-03-31
apac
vargeit
railsetter
masqloader
rsbinject
railload
cobeacon
Published: March 31, 2025
Downloadable IOCs: 0

Code injection attacks using publicly disclosed ASP.NET machine keys

An unattributed threat actor has been observed exploiting publicly disclosed ASP.NET machine keys to perform ViewState code injection attacks, delivering the Godzilla post-exploitation framework. Over 3,000 publicly disclosed keys have been identified as potentially vulnerable to this attack method…
viewstate
godzilla
post-exploitation
iis
web servers
code injection
2025-02-06
asp.net
machine keys
Published: February 6, 2025
Downloadable IOCs: 0

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Trend Micro researchers have identified a new attack vector exploiting CVE-2023-22527 in older versions of Atlassian Confluence Data Center and Server. The attack deploys an in-memory fileless backdoor known as the Godzilla webshell, which uses AES encryption for communication and remains memory-re…
godzilla
remote code execution
2024-09-02
aes encryption
CVE-2023-22527
atlassian confluence
fileless backdoor
in-memory
Published: September 2, 2024
Linked vulnerabilities : CVE-2023-22527
Downloadable IOCs: 0

A Dive into Latest Campaign

Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle East, and Africa, targeting countries like Italy, Germany, UAE, and Qatar. The group leverages public-facing applications like IIS servers as entry points, deploying soph…
backdoor
loader
apt
espionage
cobalt strike
cybercrime
godzilla
stealthvector
2024-08-09
stealthreacher
megacmd
sneakcross
tailscale
rakshasa
Published: August 9, 2024
Downloadable IOCs: 30

Analysis of Coin Miner Attack Case Against Domestic Web Server

ASEC has recently confirmed an attack on a domestic medical institution to install a coin miner. The web server that was targeted was a Windows IIS server, and the path name on which the web shell was uploaded suggests that it is a system with the Picture Archiving and Communication System (PACS) p…
xmrig
2024-06-18
godzilla
aspxspy
badpotato
CVE-2021-1732
coin miner
certutil
iis sever
caidao
chopper
behinder
godpotato
ringq
Published: June 18, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports