Posts

Featured

APT34 WebShell Filenames

APT34 webshell names. If you see these in your proxy logs and the PCR (Producer/Consumer Ratio) is near 1 or -1, then you should investigate further.

Count of known compromised websites, webshell file name

12  error1.aspx
8   signin.aspx
7   logout.aspx
7   error3.aspx
5   signout.aspx
4   logon.aspx
3   RedirSuiteService.aspx
3   getidtoken.aspx
3   EventClass.aspx
2   petrol.aspx
2   owaauth.aspx
2   outlookdn.aspx
2   outlook.aspx
2   login.aspx
2   getidtokens.aspx
2   errorff.aspx
2   error0.aspx
1   WrkStatLog.aspx
1   WrkSetlan.aspx
1   workpage.aspx
1   webform.aspx
1   viewpercthesaurus.aspx
1   tofollowup.aspx
1   Timeoutctl.aspx
1   timeout.aspx
1   tax.aspx
1   statistic.aspx
1   signproces.aspx
1   signon.aspx
1   ShowContents.aspx
1   resources.aspx
1   RegStructures.aspx
1   redirSuite.aspx
1   redireservice.aspx
1   RedirectCach…

Latest Posts

Extracting Sodinokibi Configuration

Suspicious Strings in Memory

Live forensic collection and triage using CyLR, CDQR and Skadi