Pulse Detail — Threat Intelligence

PULSE NAME

Kaspersky SOC analyzes an incident involving a web shell used as a backdoor | Securelist

WHITE Careto threathunter999 2025-03-05 Modified: 2025-03-05

IOCs

MEDIUM VOLUME

Kaspersky Endpoint Security (SOC) uncovered a well-known family of web shells used by Chinese-speaking threat actors, according to the company's security researcher Domenico Caldarella.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1059 T1027 T1105

MALWARE FAMILIES

ASPX CookiePlus

Indicators of Compromise (37)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	32865229279de31d08166f7f24226843	—	2025-03-05
FileHash-MD5	578a303d8a858c3265de429db9f17695	—	2025-03-05
FileHash-MD5	5ea7f17e75d43474b9dfcd067ff85216	—	2025-03-05
FileHash-MD5	b5755be4aad8d8fe1bd0e6ac5728067b	—	2025-03-05
FileHash-MD5	b8a468615e0b0072d2f32e44a7c9a62f	—	2025-03-05
FileHash-MD5	cd56a5a7835b71df463ec416259e6f8f	—	2025-03-05
FileHash-MD5	ea19d6845b6fc02566468ff5f838bff1	—	2025-03-05
FileHash-MD5	ef153e1e216c80be3fdd520dd92526f4	—	2025-03-05
FileHash-MD5	fc793d722738c7fcdfe8ded66c96495b	—	2025-03-05
FileHash-SHA1	0cbc4f55dd0311bd2e04d46a2182aa9aa85354f4	SHA1 of fc793d722738c7fcdfe8ded66c96495b	2025-03-05
FileHash-SHA1	505ed9f3c0144b21f99cd18d2ba17725f1a8ef8c	SHA1 of b5755be4aad8d8fe1bd0e6ac5728067b	2025-03-05
FileHash-SHA1	cb62d023117802ce727e070da32c7d9d1ea51a5c	SHA1 of b8a468615e0b0072d2f32e44a7c9a62f	2025-03-05
FileHash-SHA256	0ebb0bcae456037eddd3cce7ef312069dd93b3c78dd97fca752d1bd8703819f2	SHA256 of b8a468615e0b0072d2f32e44a7c9a62f	2025-03-05
FileHash-SHA256	191cf3723d8480d7f51ada3676c9f1098f1626a1e89bf905cd7d030c948a61ae	SHA256 of b5755be4aad8d8fe1bd0e6ac5728067b	2025-03-05
FileHash-SHA256	2241cb7e35dcac88b2290bff0543828fec5a0c0d330b38181cebf4f791d83fca	SHA256 of fc793d722738c7fcdfe8ded66c96495b	2025-03-05
URL	http://bashupload.com/[REDACTED]/404.aspx	—	2025-03-05
YARA	165a7c08ba462284a5095f95440fd876979b74ac	—	2025-03-05
domain	bashupload.com	—	2025-03-05
URL	http://bashupload.com/2-XD3/WoW.exe	—	2025-03-05
URL	http://bashupload.com/B0Lex/client.exe	—	2025-03-05
URL	http://bashupload.com/K_LFB/sg_socket	—	2025-03-05
URL	http://bashupload.com/LMjjh/rubin.exe	—	2025-03-05
URL	http://bashupload.com/Mo_Bm/BwHrt.zip	—	2025-03-05
URL	http://bashupload.com/PYUf6/build.exe	—	2025-03-05
URL	http://bashupload.com/VaJNP/Applicants.exe	—	2025-03-05
URL	http://bashupload.com/efZSp/05557000.7z	—	2025-03-05
URL	http://bashupload.com/giBjS/test.txt	—	2025-03-05
URL	http://bashupload.com/ysQx8/free.7z	—	2025-03-05
URL	https://bashupload.com/C0G0F/reverse.s	—	2025-03-05
URL	https://bashupload.com/I0vru/KZZre.zip	—	2025-03-05
URL	https://bashupload.com/Mo_Bm/BwHrt.zip	—	2025-03-05
URL	https://bashupload.com/MzssZ/e1ML_.exe	—	2025-03-05
URL	https://bashupload.com/adyl5/revssh64	—	2025-03-05
URL	https://bashupload.com/dJQMs/Officex.xlsx	—	2025-03-05
URL	https://bashupload.com/s6X01/errorFE.aspx	—	2025-03-05
URL	https://bashupload.com/uCiPm/SENT_Kill[.]zip	—	2025-03-05
URL	https://bashupload.com/[REDACTED]/404.aspx	—	2025-03-05

References (1)

↗ https://securelist.com/soc-files-web-shell-chase/115714/