Tag: reverse shell

14 Attack Reports | 0 Vulnerabilities

Attack reports

Komari Red: The Monitoring Tool with a Built-in Reverse Shell

On April 16, 2026, a threat actor leveraged stolen VPN credentials to access a Windows workstation and deployed a SYSTEM-level backdoor using the Komari agent, an open-source monitoring tool with built-in command-and-control capabilities. The attacker authenticated through an SSLVPN session from IP…
credential-theft
impacket
reverse-shell
2026-04-30
github-infrastructure
komari
nssm-persistence
rdp-enablement
sslvpn-compromise
Published: April 30, 2026
Downloadable IOCs: 2

Critical Vulnerabilities in Ivanti EPMM Exploited

Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile are being actively exploited, allowing unauthenticated remote code execution on servers. Widespread exploitation has been observed, including reverse shells, web shells, reconnaissance, and mal…
zero-day
ivanti
reconnaissance
remote code execution
reverse shell
web shell
epmm
CVE-2026-1281
CVE-2026-1340
2026-02-18
mobile device management
Published: February 18, 2026
Linked vulnerabilities : CVE-2026-1281 (CVSS 9.8), CVE-2026-1340 (CVSS 9.8)
Downloadable IOCs: 17

Cavalry Werewolf hacker group attacks Russian state institutions

A Russian government organization was targeted by the Cavalry Werewolf hacker group, aiming to collect confidential information and network data. The attack began with phishing emails containing malware disguised as documents. The group utilized various tools including backdoors, trojans, and modif…
phishing
data theft
backdoors
network infiltration
russian government
reverse-shell
open-source tools
2025-11-07
trojan.packed2.49708
telegram api
backdoor.shellnet.2
backdoor.reverseshell.10
backdoor.tunnel.41
trojan.inject5.57968
bat.downloader.1138
trojan.siggen31.54011
backdoor.shellnet.1
trojan.filespynet.5
backdoor.reverseproxy.1
backdoor.rshell.169
backdoor.siggen2.5463
trojan.packed2.49862
Published: November 7, 2025
Downloadable IOCs: 27

Operation Peek-a-Baku: Silent Lynx APT Targets Dushanbe with Espionage Campaign

The Silent Lynx APT group has been conducting espionage campaigns targeting Central Asian nations, Russia, China, and Azerbaijan. Two main campaigns were identified: one focusing on Russia-Azerbaijan relations and another on China-Central Asia relations. The group uses various malware including Pow…
apt
espionage
powershell
russia
china
.net
reverse shell
central asia
azerbaijan
silent loader
laplas
silentsweeper
ligolo-ng
2025-11-05
Published: November 5, 2025
Downloadable IOCs: 0

Evasion and Persistence via Hidden Hyper-V Virtual Machines

This investigation uncovered new tools and techniques used by the Curly COMrades threat actor to establish covert, long-term access to victim networks. The attackers exploited Hyper-V virtualization on compromised Windows 10 machines to create hidden remote operating environments. They deployed a m…
evasion
powershell
persistence
lateral movement
proxy
reverse shell
virtualization
2025-11-05
hyper-v
kerberos
alpine linux
curlcat
curlyshell
Published: November 5, 2025
Downloadable IOCs: 4

Operation Peek-a-Baku: APT Targets Dushanbe with Espionage Campaign

The Silent Lynx APT group has been conducting espionage campaigns targeting diplomatic entities and critical infrastructure in Central Asia, Russia, and China. Two major campaigns were identified: one focused on Russia-Azerbaijan relations and another on China-Central Asia relations. The group used…
apt
espionage
powershell
russia
china
github
reverse shell
central asia
tajikistan
2025-11-03
azerbaijan
silent loader
laplas
silentsweeper
ligolo-ng
Published: November 3, 2025
Downloadable IOCs: 33

Werewolf raids Russia's public sector with trusted relationship attacks

Cavalry Werewolf, a malicious actor group, targeted Russian state agencies and enterprises in the energy, mining, and manufacturing sectors from May to August 2025. The attackers used targeted phishing emails, posing as Kyrgyz government officials, to gain initial access. They employed custom malwa…
rat
phishing
russia
government
asyncrat
mining
telegram
reverse shell
manufacturing
kyrgyzstan
2025-10-02
energy
foalshell
stallionrat
Published: October 2, 2025
Downloadable IOCs: 0

Malware found on npm infecting local package with reverse shell

A sophisticated malware campaign targeting npm packages has been discovered, involving two malicious packages: ethers-provider2 and ethers-providerz. These packages act as downloaders, hiding their malicious payload cleverly. Upon installation, they patch the legitimate locally-installed npm packag…
persistence
javascript
npm
reverse-shell
2025-03-26
ethers-provider2
package-infection
ethers-providerz
Published: March 26, 2025
Downloadable IOCs: 1

Auto-Color: An Emerging and Evasive Linux Backdoor

Auto-color is a newly discovered Linux malware that employs sophisticated evasion techniques. It renames itself to benign-looking filenames, hides remote C2 connections using advanced methods similar to Symbiote malware, and uses proprietary encryption for communication. The malware installs a mali…
linux
backdoor
evasion
encryption
government
c2
proxy
universities
reverse shell
2025-02-25
auto-color
library implant
symbiote
Published: February 25, 2025
Downloadable IOCs: 10

Malicious ML models discovered on Hugging Face platform

RL researchers have identified a novel attack technique called nullifAI on the Hugging Face platform, which abuses Pickle file serialization to distribute malware. Two malicious models were found containing reverse shell code, bypassing Hugging Face's security scanning mechanisms. The attack exploi…
reverse shell
machine learning
2025-02-07
pytorch
ai security
hugging face
pickle serialization
nullifai
picklescan
Published: February 7, 2025
Downloadable IOCs: 0

NGC4020 Attacks: DameWare Mini Remote Control Vulnerability

The Solar 4RAYS team investigated a cyberattack on an industrial company, uncovering that attackers exploited a vulnerability in DameWare Mini Remote Control to deliver malware and disable security protections. The NGC4020 group initially compromised systems in December 2022 using CVE-2019-3980. Th…
vulnerability
quasarrat
reverse shell
antivirus bypass
2025-01-31
dameware
Published: January 31, 2025
Downloadable IOCs: 0

Threat actors attempt to exploit a flaw in Four-Faith routers

A high-severity vulnerability (CVE-2024-12856) affecting Four-Faith router models F3x24 and F3x36 is being actively exploited. The flaw allows OS command injection if default credentials are used, potentially leading to unauthenticated remote code execution. Attackers have been observed leveraging …
vulnerability
router
reverse shell
CVE-2024-12856
2024-12-28
four-faith
Published: December 28, 2024
Downloadable IOCs: 0

Unpacking the Diicot Malware Targeting Linux Environments

A new malware campaign attributed to the Romanian-speaking Diicot threat group has been discovered targeting Linux systems. The campaign shows significant advancements compared to previous iterations, including modified UPX headers with corrupted checksums, advanced payload staging, and environment…
malware
linux
openssh
xmrig
persistence
cryptomining
brute-force
2024-12-17
reverse-shell
upx
Published: December 17, 2024
Downloadable IOCs: 36

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules

Stroz Friedberg discovered sedexp, a stealthy Linux malware that utilizes udev rules to achieve persistence and evade detection. It provides reverse shell capabilities and advanced concealment tactics. Employed by a financially motivated threat actor, sedexp hides credit card scraping code, indicat…
linux
evasion
persistence
2024-08-23
reverse shell
sedexp
concealment
Published: August 23, 2024
Downloadable IOCs: 3
Click here to see more Attack Reports