mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
Merge pull request #624 from nyx0/main
Add Exaramel and P.A.S. webshell tool.
This commit is contained in:
commit
5d83ed1a70
1 changed files with 34 additions and 1 deletions
|
@ -8235,7 +8235,40 @@
|
|||
"related": [],
|
||||
"uuid": "1974ea65-7312-4d91-a592-649983b46554",
|
||||
"value": "Caterpillar WebShell"
|
||||
},
|
||||
{
|
||||
"description": "The P.A.S. webshell was developed by an ukrainian student, Jaroslav Volodimirovich Panchenko, who used the nick-name Profexer. It was developed in PHP and features a characteristic password-based encryption. This tool was available through a form on his website, where a user had to provide a password to receive a custom webshell. The form suggested a donation to the developer. It was commonly used, including during a WORDPRESS website attack.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://us-cert.cisa.gov/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity",
|
||||
"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"Fobushell"
|
||||
],
|
||||
"type": [
|
||||
"webshell"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "6baa1f46-daa9-4f40-952b-ec613c835abb",
|
||||
"value": "P.A.S. webshell"
|
||||
},
|
||||
{
|
||||
"description": "Exaramel is a backdoor first publicly reported by ESET in 2018. Two samples were identified, one targeting the WINDOWS operating system and the other targeting LINUX operating systems.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/",
|
||||
"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
|
||||
],
|
||||
"type": [
|
||||
"backdoor"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "95174297-6dff-47d9-bcb9-263f9b2efcfb",
|
||||
"value": "Exaramel"
|
||||
}
|
||||
],
|
||||
"version": 141
|
||||
"version": 142
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue