Understanding the Initial Stages of Web Shell and VPN Threats An MXDR Analysis
Tags
cmtmf-attack-pattern: Code Injection Masquerading
maec-delivery-vectors: Watering Hole
attack-pattern: Data Code Injection - T1540 Credentials - T1589.001 Domain Accounts - T1078.002 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Masquerading - T1036 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Scripting - T1064 Web Shell - T1100 Masquerading Scripting
Show in Graph
Common Information
Type Value
UUID 0be585ca-9692-45d8-8bb6-cb5d6067adbf
Fingerprint b5391cd149167fc5
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 24, 2024, midnight
Added to db Oct. 24, 2024, 12:06 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
Title Understanding the Initial Stages of Web Shell and VPN Threats An MXDR Analysis
Detected Hints/Tags/Attributes 79/3/12
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/24/j/understanding-the-initial-stages-of-web-shell-and-vpn-threats-an.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 217 
cve-2020-1472
Details File 128 
w3wp.exe
Details File 2125 
cmd.exe
Details File 1 
lcx5qm.jpg
Details File 1 
zxin.jpg
Details File 92 
c:\windows\system32\svchost.exe
Details File 165 
reg.exe
Details File 1 
fff.txt
Details File 39 
anydesk.exe
Details File 256 
net.exe
Details File 1 
netapp.exe
Details File 40 
netscan.exe