mirror of https://github.com/MISP/misp-galaxy
jq~
parent
d6a4e3a5a0
commit
fa813f0f20
|
@ -2920,7 +2920,7 @@
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/"
|
"https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/"
|
||||||
]
|
]
|
||||||
},
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "Like TwoFace, the IntrudingDivisor webshell requires the threat actor to authenticate before issuing commands. To authenticate, the actor must provide two pieces of information, first an integer that is divisible by 5473 and a string whose MD5 hash is “9A26A0E7B88940DAA84FC4D5E6C61AD0”. Upon successful authentication, the webshell has a command handler that uses integers within the request to determine the command to execute - To complete",
|
"description": "Like TwoFace, the IntrudingDivisor webshell requires the threat actor to authenticate before issuing commands. To authenticate, the actor must provide two pieces of information, first an integer that is divisible by 5473 and a string whose MD5 hash is “9A26A0E7B88940DAA84FC4D5E6C61AD0”. Upon successful authentication, the webshell has a command handler that uses integers within the request to determine the command to execute - To complete",
|
||||||
|
|
Loading…
Reference in New Issue