Kaspersky SOC analyzes an incident involving a web shell used as a backdoor | Securelist
WHITE Careto threathunter999 2025-03-05 Modified: 2025-03-05
37 IOCs (medium volume)
Kaspersky Endpoint Security (SOC) uncovered a well-known family of web shells used by Chinese-speaking threat actors, according to the company's security researcher Domenico Caldarella.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
ASPX CookiePlus
Indicators of Compromise (9 / 37 total)