Covert Web Shells in .NET with Read-Only Web Paths - MDSec
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Javascript - T1059.007 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 Web Shell - T1505.003 Web Services - T1583.006 Web Services - T1584.006 Connection Proxy - T1090 Powershell - T1086 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID a6067f7d-7ba9-4064-b75b-42bc97e8ba30
Fingerprint b60e1a8885b71f95
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 15, 2020, 9:28 a.m.
Added to db Jan. 18, 2023, 11:28 p.m.
Last updated Nov. 16, 2024, 11:18 a.m.
Headline Covert Web Shells in .NET with Read-Only Web Paths
Title Covert Web Shells in .NET with Read-Only Web Paths - MDSec
Detected Hints/Tags/Attributes 33/2/17
Source URLs
Redirection Url
Details Source https://www.mdsec.co.uk/2020/10/covert-web-shells-in-net-with-read-only-web-paths/
URL Provider
Details Provider Source level domain
Details mdsec.co.uk www.mdsec.co.uk
Attributes
Details Type #Events CTI Value
Details CVE 8 
cve-2020-1147
Details Domain 32 
ysoserial.net
Details Domain 285 
microsoft.net
Details Domain 397 
asp.net
Details File 1 
ghostwebshell.cs
Details File 13 
ysoserial.exe
Details File 57 
system.dll
Details File 11 
web.dll
Details File 51 
system.dat
Details File 18 
a.dll
Details File 19 
system.xml
Details File 4 
extensions.dll
Details File 2 
quicklinks.aspx
Details File 8 
microsoft.asp
Details File 14 
reflection.bin
Details File 1 
dingflags.pub
Details File 1 
friendlyurls.dll