Tag: web shell

8 Attack Reports | 0 Vulnerabilities

Attack reports

JSPSpy and 'Filebroser': A Custom File Management Tool in Webshell Infrastructure

Researchers have identified a cluster of JSPSpy web shell servers featuring 'Filebroser', a modified version of the open-source File Browser project. The infrastructure spans multiple hosting providers in China and the United States, using both cloud services and traditional ISPs. JSPSpy, a Java-ba…
remote access
infrastructure
web shell
detection
2025-03-12
jspspy
file management
filebroser
http headers
Published: March 12, 2025
Downloadable IOCs: 4

Analysis of an incident involving a web shell used as a backdoor

A SOC investigation uncovered a web shell attack on a government SharePoint server in Southeast Asia. The attackers used certutil to download an ASPX payload disguised as a 404 page, then employed Potato tools for privilege escalation. Analysis revealed the web shell to be Behinder, a modular backd…
privilege escalation
badpotato
behinder
godpotato
web shell
southeast asia
2025-02-28
memory-based threats
sweetpotato
potato tools
Published: February 28, 2025
Downloadable IOCs: 0

Investigating A Web Shell Intrusion With Managed XDR

This analysis details a web shell intrusion incident where attackers exploited an IIS worker to exfiltrate data. The attacker uploaded a web shell, created a new account for persistence, modified an existing user's password, and used encoded PowerShell commands to establish a reverse TCP shell for …
powershell
anydesk
privilege escalation
data exfiltration
web shell
command-and-control
2025-01-15
reverse tcp shell
iis worker
Published: January 15, 2025
Downloadable IOCs: 0

Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)

The Andariel group has been targeting various South Korean software solutions, particularly asset management and document management systems. Recent attacks involve the installation of SmallTiger malware, often through exploiting vulnerabilities in outdated software versions. In asset management so…
south korea
rdp
smalltiger
keylogger
web shell
2024-12-31
modeloader
document management
asset management
Published: December 31, 2024
Downloadable IOCs: 5

Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis

This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
anydesk
persistence
CVE-2020-1472
lateral movement
privilege escalation
web shell
defense evasion
2024-10-24
iis
mxdr
vpn compromise
Published: October 24, 2024
Linked vulnerabilities : CVE-2020-1472
Downloadable IOCs: 1

Unmasking Prometei: A Deep Dive Into MXDR Findings

This analysis examines the Prometei botnet's infiltration of a customer's system through a targeted brute force attack. Leveraging Trend Vision One, the investigation traced the botnet's detailed installation routine and stealthy tactics. Prometei, a modular malware family used for cryptocurrency m…
botnet
credential theft
lateral movement
dga
web shell
tor
cryptocurrency mining
2024-10-23
prometei
CVE-2021-27065
CVE-2021-26858
CVE-2019-0708
Published: October 23, 2024
Downloadable IOCs: 0

Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
rootkit
powershell
lockbit
attack
service
malicious
web shell
2024-10-15
threat actor
zero-day vulnerability
csa appliance
cve20248190
zero
life
Published: October 15, 2024
Downloadable IOCs: 17

Tropic Trooper spies on government entities in the Middle East

Tropic Trooper, a Chinese-speaking APT group active since 2011, has expanded its operations to target government entities in the Middle East. The group deployed a new variant of the China Chopper web shell on a compromised Umbraco CMS server, along with other post-exploitation tools and backdoor im…
fscan
china chopper
2024-09-05
web shell
swor
bypassgodzilla
crowdoor
umbraco cms
neo-regeorg
Published: September 5, 2024
Downloadable IOCs: 7
Click here to see more Attack Reports