# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://github.com/emposha/PHP-Shell-Detector /120667kk.php /1405674947.1405674947 /1n73ction.php /420532shell.php /629788tryag.php /951078bij.php /fatalisticz.php /o0o.php /azrail.php /accept_language.php /ahlisyurga_shell.php /ajan.asp /ajax_command_shell.php /akatsuki.php /al-marhum.php /albanianshell.php /andr3a.php /antichat_shell.php /antisecshell.php /arab_black_hat.pl /asmodeus.pl /aspx-shell.aspx /aspydrv.vb /ayyildiz_tim.php /b374k.php /b64shell.php /backdoor.php /backdoorconnect.pl /batavi4.php /blindshell.c /blood3rpriv8.php /bogel_shell.php /brute_force_tool.php /buckethead.php /c100.php /c2007.php /c99.php /casus15.php /cbot.php /cfexec.cfm /cgi-python.py /cgi-shell.pl /cgitelnet.pl /cih.php /clearshell.php /cmd.asp /cmd.aspx /cmd.jsp /cmd.php /cmd.pl /cmos_clr.php /cocacola_shell.php /coderz.php /configspy.php /connectback2.pl /constance.php /cpanel.php /cristercorp_infocollector.php /crystal.php /cshell.php /ctt_shell.php /cybershell.php /cyberspy5.asp /darkshell.php /dc3shell.php /devil.php /devilz0de.php /devilzshell.php /diveshell.php /dtool.php /dxshell.php /efso2.asp /egyspider.php /ekin0x.php /elmaliseker.asp /elmaliseker.vbs /empixcrew.pl /empo.php /entrika.php /erne.php /explore.asp /extplorer.php /fatalshell.php /fenix.php /filesman.php /foreverpp.php /fuckphpshell.php /fx0.php /g00nshell.php /gammashell.pl /gaulircbot.php /getlinks.php /gfs.php /gnyshell.php /gohack_powerserver.php /goon.php /gscshell.php /h4ntu.php /hacker.php /hackerps.php /harauku.php /hiddenshell.php /hostdevil.php /hostdevil.pl /hshell.php /htaccess_shell.htaccess /i47.php /imhapftp.php /includeshell.php /indexer.asp /indishell.php /insomnia.aspx /ipays777.php /irc_bot.pl /ironshell.php /isko.php /itsecteam_shell.php /jackal.php /javashell.py /joomla_spam.php /jspreverse.jsp /jspwebshell.java /kadotshell.php /kaushell.php /king511.pl /klasvayv.asp /kral.php /lamashell.php /lizozim.php /loadshell.php /locusshell.php /lolipop.php /lostdc.php /lurm.cgi /m1n1shell.php /madspot.php /mahkeme.php /metasploit.php /mildnet.php /mm.php /mohajer22.pl /moroccan_spam.php /mrtiger.php /mulcishell.php /myshell.php /mysql.php /mysql_adminer.php /n3fa5t1ca.php /nccshell.php /networkfilemanager.php /nexpl0rer.php /nixshell.php /nogrodpbot.php /noname.php /nshell.php /nstview.php /ntdaddy.asp /obet.php /onboomshell.php /orbshell.php /pas.php /pbot.php /perlbot.pl /perlwebshell.pl /phantasma.php /php_mailer.php /phpbackdoor.php /phpemailer.php /phpfilemanager.php /phpmyadmin_exploit.php /phpshell.php /phpspy.php /phvayv.php /phytonshell.py /postman.php /powerdreamshell.asp /priv8_scr.pl /pwnshell.jsp /pzadv.php /qreyfurt.aspx /r3laps3.php /r57.php /rader.asp /remoteshell.php /remoteview.php /removexplorer.vb /reverse_shell.php /rhtool.asp /rootshell.php /s72shell.php /safemode.php /savefile.php /scanner_jatimcrew.pl /sec4ever.php /sempak.php /server_config.php /shell_commander.php /shell_exploit.php /shell_uploader.php /shellarchive.php /shellatildi.php /shellbot.pl /simattacker.php /simple_shell.php /simshell.php /sincap.php /smartshell.asp /smtpd.py /snipershell.php /spam.php /spam_trustapp.php /spyshell.php /sroshell.php /stakershell.php /stressbypass.php /stunshell.php /symlink.php /tbdsecurity.php /tdshell.php /teamps.php /teamsql.php /telnet.pl /telnetd.pl /troyan.php /tryag.php /udpflooder.php /unitxshell.pl /us3rspl.pl /v0ld3m0r.php /v0ld3m0rt.php /variables.asp /w3dshell.php /wacking.php /webadmin.php /webmysql.php /webroot.php /webshell.php /winx.php /wordpress_exploit.php /worse.php /wso.php /xinfo.php /zaco.php /zehir4.asp /zehir4.php # Reference: https://github.com/ismailtasdelen/shell-backdoor-list/tree/master/shell/asp /aspcmd.asp /kacak.asp /newaspcmd.asp /pouya.asp # Reference: https://twitter.com/killamjr/status/1191923979549921280 /cxxz.php # Reference: https://twitter.com/ANeilan/status/1232283590114840576 # Reference: https://pastebin.com/8LL4Hg9e # Reference: https://pastebin.com/trRiwBKQ /sh.php # Reference: https://twitter.com/malwrhunterteam/status/1241318536280227844 # Reference: https://www.virustotal.com/gui/file/92b967726cfbdb5f2714025951403c51eadb8951fc13f868f9be4098884ee70b/behavior/C2AE /shellcode.php /shellcode.txt /shellcode11.txt /shellcode22.txt # Reference: https://securelist.com/energetic-bear-crouching-yeti/85345/ /code29.php /proxy87.php # Reference: https://paste.ee/r/v9aRR/0 /shell.php # Reference: https://twitter.com/jstrosch/status/1255898007377231873 /cxz.php # Reference: https://twitter.com/Marco_Ramilli/status/1315327238255116288 /shell202007281.php # Reference: https://twitter.com/ecarlesi/status/1344217410052579328 /ARS.shell.php /C99.shell.php /R57.shell.php /WSO2.shell.php # Misc. rst.void.ru r57.gen.tr r57.biz xshellz.com c99shellphp.com r57c99.com c99php.com localroot.net shells.altervista.org podathon.org/shell/ # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/ensiko-a-webshell-with-ransomware-capabilities/ /webshell/shell.php # Reference: https://twitter.com/jstrosch/status/1338891751285788672 /aboz.php /ass.php # Reference: https://twitter.com/jstrosch/status/1359745151263010816 /cnx.php /assets/plugins/bootstrap/js/by.txt # Reference: https://www.virustotal.com/gui/file/acaf8bc99d2af3aa01f9a37a0662e98b05d182787a00978243628c24938fb2ec/detection /BkLd6Pa7.php # Reference: https://www.virustotal.com/gui/file/6dfa980937f5776358b5485e8a4e92d333779020974312851826420d2feffa45/detection /HkPwijGf.php # Reference: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ /errorEE.aspx /errorEEE.aspx /errorEW.aspx /errorFF.aspx /aspnet_www.aspx /aspnet_client.aspx /xx.aspx /shell.aspx /aspnet_iisstart.aspx # Reference: https://www.praetorian.com/blog/reproducing-proxylogon-exploit/ /ysfwduaohcma.aspx # Reference: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072a /zXkZu6bn.aspx # Reference: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072c /F48zhi6U.aspx /Fc1b3WDP.aspx # Reference: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072d /2XJHwN19.aspx /UwSPMsFi.aspx # Reference: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072e /E3MsTjP8.aspx # Reference: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072f /supp0rt.aspx /uHSPTWMG.aspx # Reference: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072g /0q1iS7mn.aspx /8aUco9ZK.aspx /McYhCzdb.aspx /ogu7zFil.aspx # Reference: https://twitter.com/Bank_Security/status/1371712892907753473 # Reference: https://pastebin.com/aBxJEt2W /Webshell.aspx # Reference: https://blog.netlab.360.com/microsoft-exchange-vulnerability-cve-2021-26855-scan-analysis-3/ /aspnet_client/0q1iS7mn.aspx /aspnet_client/0QWYSEXe.aspx /aspnet_client/1d.aspx /aspnet_client/2XJHwN19.aspx /aspnet_client/7KmCS.aspx /aspnet_client/8aUco9ZK.aspx /aspnet_client/8lw7tahf9i1pjnro.aspx /aspnet_client/aa.aspx /aspnet_client/a.aspx /aspnet_client/ahihi.aspx /aspnet_client/aspnet.aspx /aspnet_client/aspnet_client.aspx /aspnet_client/aspnet_iisstart.aspx /aspnet_client/aspnet_iistart.aspx /aspnet_client/aspnet_pages.aspx /aspnet_client/aspnettest.aspx /aspnet_client/aspnet_www.aspx /aspnet_client/aspx_client.aspx /aspnet_client/authhead.aspx /aspnet_client/bob.aspx /aspnet_client/cafZCu.aspx /aspnet_client/checkerror635284.aspx /aspnet_client/client.aspx /aspnet_client/config.aspx /aspnet_client/configs.aspx /aspnet_client/current/one1.aspx /aspnet_client/default1.aspx /aspnet_client/default.aspx /aspnet_client/Default.aspx /aspnet_client/discover.aspx /aspnet_client/Discover.aspx /aspnet_client/document.aspx /aspnet_client/E3MsTjP8.aspx /aspnet_client/eror.aspx /aspnet_client/error404.aspx /aspnet_client/error.aspx /aspnet_client/errorcheck.aspx /aspnet_client/erroree.aspx /aspnet_client/errorEE.aspx /aspnet_client/erroreee.aspx /aspnet_client/errorEEE.aspx /aspnet_client/errorew.aspx /aspnet_client/errorEW.aspx /aspnet_client/errorff.aspx /aspnet_client/errorFF.aspx /aspnet_client/error_page.aspx /aspnet_client/errorpage.aspx /aspnet_client/errorpages.aspx /aspnet_client/est11.aspx /aspnet_client/F48zhi6U.aspx /aspnet_client/fatal-erro.aspx /aspnet_client/Fc1b3WDP.aspx /aspnet_client/healthcheck.aspx /aspnet_client/help..aspx /aspnet_client/help.aspx /aspnet_client/httpproxy.aspx /aspnet_client/HttpProxy.aspx /aspnet_client/iispage.aspx /aspnet_client/iisstart.aspx /aspnet_client/load.aspx /aspnet_client/log3.aspx /aspnet_client/logaaa.aspx /aspnet_client/log.aspx /aspnet_client/logg.aspx /aspnet_client/login.aspx /aspnet_client/logout.aspx /aspnet_client/Logout.aspx /aspnet_client/MAlREnavuY.aspx /aspnet_client/McYhCzdb.aspx /aspnet_client/Metabase.aspx /aspnet_client/multiup.aspx /aspnet_client/MultiUp.aspx /aspnet_client/obq.aspx /aspnet_client/ogu7zFil.aspx /aspnet_client/one1.aspx /aspnet_client/one.aspx /aspnet_client/online.aspx /aspnet_client/Online.aspx /aspnet_client/outlooken.aspx /aspnet_client/OutlookEN.aspx /aspnet_client/outlookfront.aspx /aspnet_client/outlookjp.aspx /aspnet_client/OutlookJP.aspx /aspnet_client/outlookru.aspx /aspnet_client/OutlookRU.aspx /aspnet_client/outlookzh.aspx /aspnet_client/qfmrucnzl.aspx /aspnet_client/rabiitch.aspx /aspnet_client/redirsuiteserverproxy.aspx /aspnet_client/RedirSuiteServerProxy.aspx /aspnet_client/s.aspx /aspnet_client/server.aspx /aspnet_client/Server.aspx /aspnet_client/Service.aspx /aspnet_client/session.aspx /aspnet_client/shel2.aspx /aspnet_client/shel90.aspx /aspnet_client/shel.aspx /aspnet_client/shell.aspx /aspnet_client/shellex.aspx /aspnet_client/show.aspx /aspnet_client/signon.aspx /aspnet_client/soHKY.aspx /aspnet_client/sol.aspx /aspnet_client/supp0rt.aspx /aspnet_client/support.aspx /aspnet_client/system.aspx /aspnet_client/system_web/1A2ZeQOu.aspx /aspnet_client/system_web/2TFGNswO.aspx /aspnet_client/system_web/3NHhPxJ5.aspx /aspnet_client/system_web/3ue5myCq.aspx /aspnet_client/system_web/4_0_30319/self.aspx /aspnet_client/system_web/9VkFwtxt.aspx /aspnet_client/system_web/cMvBgHLZ.aspx /aspnet_client/system_web/Cs64LbPk.aspx /aspnet_client/system_web/E12B65rm.aspx /aspnet_client/system_web/error.aspx /aspnet_client/system_web/GnCwADKH.aspx /aspnet_client/system_web/ioWYM7C4.aspx /aspnet_client/system_web/log.aspx /aspnet_client/system_web/logfe.aspx /aspnet_client/system_web/logon.aspx /aspnet_client/system_web/logx2.aspx /aspnet_client/system_web/ogzsis0L.aspx /aspnet_client/system_web/QBFjM1SC.aspx /aspnet_client/system_web/sJ0f8qHt.aspx /aspnet_client/system_web/sol.aspx /aspnet_client/system_web/test.aspx /aspnet_client/system_web/vY4qLEpG.aspx /aspnet_client/system_web/WFk2or3Y.aspx /aspnet_client/t.aspx /aspnet_client/temp.aspx /aspnet_client/test007.aspx /aspnet_client/uHSPTWMG.aspx /aspnet_client/upnews.aspx /aspnet_client/UwSPMsFi.aspx /aspnet_client/uyqITYBPew.aspx /aspnet_client/voqbETdoni.aspx /aspnet_client/web.aspx /aspnet_client/web.config.aspx /aspnet_client/WlUtyY.aspx /aspnet_client/xclkmcfldfi948398430fdjkfdkj.aspx /aspnet_client/xx.aspx /aspnet_client/y3iGH.aspx /aspnet_client/zEeomtdYcX.aspx /aspnet_client/zXkZu6bn.aspx /owa/auth/061a06908b.aspx /owa/auth/15.0.1347/themes/resources/exchange_create_css.aspx /owa/auth/15.0.1497/themes/resources/error.aspx /owa/auth/15.0.847/themes/resources/hmask.aspx /owa/auth/15.1.1913/themes/resources/bg_gradient_login.aspx /owa/auth/15.1.1913/themes/resources/View_Photos.aspx /owa/auth/15.1.2044/themes/resources/office365_ph.aspx /owa/auth/15.1.225/scripts/premium/errorPE.aspx /owa/auth/1d61acae91.aspx /owa/auth/27fib.aspx /owa/auth/6GIXZG.aspx /owa/auth/8lw7tahf9i1pjnro.aspx /owa/auth/8Lw7tAhF9i1pJnRo.aspx /owa/auth/aaa.aspx /owa/auth/aa.aspx /owa/auth/a.aspx /owa/auth/ahihi.aspx /owa/auth/asas.aspx /owa/auth/aspnet.aspx /owa/auth/aspnet_client.aspx /owa/auth/aspnet_iisstart.aspx /owa/auth/aspnet_pages.aspx /owa/auth/aspnettest.aspx /owa/auth/aspnet_www.aspx /owa/auth/aspx_client.aspx /owa/auth/atlthunk.aspx /owa/auth/authhead.aspx /owa/auth/b.aspx /owa/auth/bob.aspx /owa/auth/checkerror635284.aspx /owa/auth/CommonError.aspx /owa/auth/Current/AMNBJLXqoHTV.aspx /owa/auth/Current/app222.aspx /owa/auth/Current/Exchanges.aspx /owa/auth/Current/layout.aspx /owa/auth/current/one1.aspx /owa/auth/Current/scripts/premium/fexppw.aspx /owa/auth/Current/themes/config1.aspx /owa/auth/Current/themes/errorFS.aspx /owa/auth/Current/themes/resources/daxlz.aspx /owa/auth/current/themes/resources/error.aspx /owa/auth/Current/themes/resources/errorFE.aspx /owa/auth/Current/themes/resources/Ignrop.aspx /owa/auth/Current/themes/resources/lgnleft.aspx /owa/auth/Current/themes/resources/logon.aspx /owa/auth/Current/themes/resources/OutlookQN.aspx /owa/auth/Current/themes/resources/owafont_vn.aspx /owa/auth/Current/themes/resources/owafont_vo.aspx /owa/auth/Current/themes/resources/system_io.aspx /owa/auth/Current/themes/resources/View_tools.aspx /owa/auth/Current/zJBxcBoI.aspx /owa/auth/dbuj9.aspx /owa/auth/default1.aspx /owa/auth/default.aspx /owa/auth/DesktopShellExt.aspx /owa/auth/discover.aspx /owa/auth/Discover.aspx /owa/auth/document.aspx /owa/auth/Err0r.aspx /owa/auth/error404.aspx /owa/auth/ErrorAA.aspx /owa/auth/error.aspx /owa/auth/errorcheck.aspx /owa/auth/ErrorDef.aspx /owa/auth/erroree.aspx /owa/auth/errorEE.aspx /owa/auth/erroreee.aspx /owa/auth/errorEEE.aspx /owa/auth/errorew.aspx /owa/auth/errorEW.aspx /owa/auth/erroreww.aspx /owa/auth/errorFE.aspx /owa/auth/errorff.aspx /owa/auth/errorFF.aspx /owa/auth/errorfff.aspx /owa/auth/error_page.aspx /owa/auth/errorpage.aspx /owa/auth/errorPage.aspx /owa/auth/errorpages.aspx /owa/auth/errorPages.aspx /owa/auth/evilcorp.aspx /owa/auth/expiredpassword.aspx /owa/auth/fatal-erro.aspx /owa/auth/fhsvc.aspx /owa/auth/FR5Ha0D1dwfsqIUMhLCQ.aspx /owa/auth/frow.aspx /owa/auth/getpp.aspx /owa/auth/HcDKNzBoha.aspx /owa/auth/healthcheck.aspx /owa/auth/help.aspx /owa/auth/hmknq.aspx /owa/auth/httpproxy.aspx /owa/auth/HttpProxy.aspx /owa/auth/hUjwpeROcY7Fo4g8ETH3.aspx /owa/auth/HUUPItrNpXvI.aspx /owa/auth/iasads.aspx /owa/auth/iispage.aspx /owa/auth/jhJ2zT9ouOfP6VnBcHg3.aspx /owa/auth/jOBJIfr92ERLmg1HcnF3.aspx /owa/auth/KBDBENE.aspx /owa/auth/KrhHyDPwb70ct362JmLn.aspx /owa/auth/L2oXwTljs3GnMyHQV0KR.aspx /owa/auth/letmeinplzs.aspx /owa/auth/load.aspx /owa/auth/lo.aspx /owa/auth/log.aspx /owa/auth/logerr.aspx /owa/auth/logg.aspx /owa/auth/login.aspx /owa/auth/logoff.aspx /owa/auth/logout.aspx /owa/auth/Logout.aspx /owa/auth/m0xbqRg1ranzvGD3jiXT.aspx /owa/auth/multiup.aspx /owa/auth/MultiUp.aspx /owa/auth/ntprint.aspx /owa/auth/one1.aspx /owa/auth/one.aspx /owa/auth/online.aspx /owa/auth/Online.aspx /owa/auth/OutlookAR.aspx /owa/auth/OutlookAS.aspx /owa/auth/OutlookCN.aspx /owa/auth/OutlookDA.aspx /owa/auth/OutlookDE.aspx /owa/auth/OutlookDN.aspx /owa/auth/outlooken.aspx /owa/auth/OutlookEN.aspx /owa/auth/OutlookEN.US.aspx /owa/auth/OutlookES.aspx /owa/auth/OutlookFR.aspx /owa/auth/outlookfront.aspx /owa/auth/OutlookIO.aspx /owa/auth/OutlookIT.aspx /owa/auth/outlookjp.aspx /owa/auth/OutlookJP.aspx /owa/auth/OutlookPL.aspx /owa/auth/outlookru.aspx /owa/auth/OutlookRU.aspx /owa/auth/OutlookSE.aspx /owa/auth/OutlookUN.aspx /owa/auth/OutlookUS.aspx /owa/auth/outlookzh.aspx /owa/auth/OutlookZH.aspx /owa/auth/ovfwHWjwWm.aspx /owa/auth/owaauth.aspx /owa/auth/plorion.aspx /owa/auth/ProximityService.aspx /owa/auth/proxylogon.aspx /owa/auth/pzbwl.aspx /owa/auth/qnx.aspx /owa/auth/redirsuiteserverproxy.aspx /owa/auth/RedirSuiteServerProxy.aspx /owa/auth/rlvgk.aspx /owa/auth/rwinsta.aspx /owa/auth/s.aspx /owa/auth/secauth1.aspx /owa/auth/secauth.aspx /owa/auth/seclogon.aspx /owa/auth/server.aspx /owa/auth/session.aspx /owa/auth/shel2.aspx /owa/auth/shel90.aspx /owa/auth/shel.aspx /owa/auth/shell.aspx /owa/auth/shellex.aspx /owa/auth/shelltest.aspx /owa/auth/signon.aspx /owa/auth/signout.aspx /owa/auth/sol.aspx /owa/auth/supp0rt.aspx /owa/auth/system_web/log.aspx /owa/auth/t.aspx /owa/auth/test13037.aspx /owa/auth/test1337.aspx /owa/auth/test.aspx /owa/auth/theme-gsx8ujzpicf0.aspx /owa/auth/theme-vten8snn874b.aspx /owa/auth/TimeoutLogout.aspx /owa/auth/tNLPge.aspx /owa/auth/tpmvscmgrsvr.aspx /owa/auth/tst1.aspx /owa/auth/VqEUaLjKpcWoNC7yPMlz.aspx /owa/auth/wanlin.aspx /owa/auth/web.aspx /owa/auth/web.config.aspx /owa/auth/WMSPDMOD.aspx /owa/auth/XblGameSave.aspx /owa/auth/XboxNetApiSvc.aspx /owa/auth/xclkmcfldfi948398430fdjkfdkj.aspx /owa/auth/xx.aspx /owa/auth/ZI3uMczmPa5bwTYVpKsE.aspx /owa/auth/zntwv.aspx # Reference: https://twitter.com/xuy1202/status/1374694429911523333 /c99.txt # Reference: https://krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/ # Reference: https://otx.alienvault.com/pulse/6061ebaf97943b790e97e899 # Reference: https://www.virustotal.com/gui/file/5f7d898ade3162bfb0c8d3006c42e934ff81fab3b4ad3b51c13441fd63e438cb/detection /owa/auth/babydraco.aspx # Reference: https://twitter.com/sans_isc/status/1467835679187083267 /AK-74.php /Ayyildiz_Tim.php /CasuS-1.5.php /Dive_Shell.php /JspWebshell_1.2.php /Loaderz_WEB_Shell.php /SnIpEr_SA%20Shell.php /c99_PSych0.php /dC3_Security.php /jspshell.jsp /mma.php /punk-nopass.php /safe0ver.php /spyshell.php # Reference: https://www.mandiant.com/resources/fin13-cybercriminal-mexico /shell/exec?cmd= /shell2/exec?cmd= /shell/cmd.jsp /shell2/cmd.jsp # Reference: https://twitter.com/bad_packets/status/1471375127824588802 /revshell.asp /revshell.aspx /revshell.jsp /revshell.php /revshell.py /revshell.pyc # Reference: https://twitter.com/bad_packets/status/1470914982405545986 /ReverseShell/ /Basic/ReverseShell/ # Reference: https://twitter.com/s1ckb017/status/1488467066583760896 # Reference: https://www.virustotal.com/gui/file/6421f9ad22df037dbf080bb77214ee09bdd59d1a901c7522f4971b9c5c3fa06c/detection /adssp/adsf/index.jsp /webapps/adssp/adsf/index.jsp # Reference: https://decoded.avast.io/janneduchal/analysis-of-attack-against-national-games-of-china-systems/ /runscript.lua /remote/miss.php /remote/miss1.php # Reference: https://twitter.com/r3dbU7z/status/1493675446210281479 /shell.jsp # Reference: https://twitter.com/unmaskparasites/status/1499593717845348354 # Reference: https://www.virustotal.com/gui/file/b70e6b9745f425902f337d424a8a18f4f050085e12cf282d5089699f6c67b11d/detection /_@files/php/FoxWSO-full.txt /files/olux-shell.txt /files/xleet-shell.txt /php/FoxEx-shell.txt /FoxEx-shell.txt /FoxWSO-full.txt /olux-shell.txt /xleet-shell.txt /akhmhcij/ # Reference: https://twitter.com/1ZRR4H/status/1510311007113158668 # Reference: https://blog.netlab.360.com/what-our-honeypot-sees-just-one-day-after-the-spring4shell-advisory-en/ /member3war.jsp /myshell.jsp /tomcatspring.jsp /tomcatwar.jsp /wpz.jsp # Reference: https://twitter.com/bad_packets/status/1511796663140052994 /1877team.jsp # Reference: https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/ /07935fdf05b66.jsp /0xd0m7.jsp /UJaez.jsp /Y4kws.jsp /aniwvzgvwqnwtehgsfsgbslwoiqkjk.jsp /cbsewlaeqsdsqktavziakyzsuwfciu.jsp /checkexploit.jsp /curiositysec.jsp /czbwzitpzjzkcvkrirybzihsibmuej.jsp /czpdnhpraxgzrtatiuigsalfedwwit.jsp /dnuurzjtlbjrnuukwdmaltqrqqlaig.jsp /duvdqpoyrcapqbfcetgwsqxfkslubw.jsp /gdGCT.jsp /ggoibjvztvlpelaghjzeweqmopjosz.jsp /goocmasqxwfufyxrgyachwidxdotkh.jsp /hackerone0x.jsp /hlbpgpqsyracfnvkgrgvlhcptpmdfn.jsp /hmmyitbecwhmrdicykmfvqlcsknbff.jsp /hnmqeuzumlokxuhqyekeetrgougeof.jsp /ilvckpgzbrcdljyqdfhqendqcwhgxp.jsp /inject.jsp /izodfyvqujwztweclykgozahdlqvqp.jsp /jarom_h1.jsp /javatestfila.jsp /jquery123123123cssbackup7331.jsp /jynrrkjghebemkrhvfzllrepzosinb.jsp /kqbnngrfnsxlreajyknuimoamysvwt.jsp /lalalalal.jsp /lelel.jsp /ltcovlwqkckjpuzbqzbjdpkgkakvno.jsp /mhoqqvpuxdqtuqzmwdrvdeayqvlygb.jsp /mynameis0bsecure.jsp /osanxuadyvjaiorcjfqnckfpewunnt.jsp /poc4bugb.jsp /ptipfhjosfvrfwndwqccapozcbasge.jsp /pxwcqxzrstepmbwufjxuaydkwgmvds.jsp /qnzfvqpeiljtoyvrywrkuvkrmuewzn.jsp /rQFlA.jsp /rakesh.jsp /rmdwahilztwhhqnmcbodkgtbnmrhjx.jsp /shei1.jsp /shell13.jsp /testqqsg.jsp /tomcat74935.jsp /tomcatlogin.jsp /tomcatspring.jsp /tomcatwa.jsp /tomcatwar.jsp /tomjj.jsp /ubekdurthzexowlohzgienbwvexynd.jsp /ufoubgkazumxhqvwlnyfejnmyqofcm.jsp /ujpmauuhltvsokjracgwkbflkhhnwo.jsp /vkmckfvljtpbyowxwhgbjsvyktfdiq.jsp /xcoihpiouaamtnbqqvcvffyxyrokvn.jsp /yjjhhdlxepozhirznemjabnsciycvv.jsp /yutugdqbrossntwaujgxwgrpgczkbd.jsp /zawpiupzzsjexllfbicrgvlcuxzqyb.jsp /zqgwtzyrexctiyvsawmwttncwzoyyd.jsp /zuvuegtemzfsyqjfykowggxpqkuqdp.jsp # Reference: https://twitter.com/andrew_kutuzov/status/1506556755794350081 /07m6.php /0pyi65ryuof /delxxx.php /ibsduhxmyh.php /ibsduhxmyh(token).php /ufiumnnpua.php /ySLKRsrWcbV.php /z6MadcuV3UL.php # Reference: https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/ /shell.py # Reference: https://twitter.com/1ZRR4H/status/1532802996362526720 /confluence/testAnt.jsp # Reference: https://secjoes-reports.s3.eu-central-1.amazonaws.com/Backdoor%2Bvia%2BXFF%2BMysterious%2BThreat%2BActor%2BUnder%2BRadar.pdf /dc9b66ce0.php /tunnel123.php # Reference: https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/ /wc2_deploy # Reference: https://m365internals.com/2022/10/07/hunting-in-on-premises-exchange-server-logs/ /aspnet_netclient/4_0_30319/devilzShell.aspx /aspnet_netclient/4_0_30319/POWERshell.aspx /devilzShell.aspx # Reference: https://www.virustotal.com/gui/file/5d30ce01a19623aaaae84bf3a4cc3ec16811c98f2b6c3a70fcad6e473b0386e6/detection /v3n0mbig.php # Reference: https://twitter.com/r3dbU7z/status/1645318062806126593 /ani_shell.txt /cyb3r-sh3ll.txt /fx29_shell.txt /phpjackal1.3.txt # Reference: https://twitter.com/sicehice/status/1640160970994753537 /cmdsql.aspx /Def0ult.aspx /uploadcmd.aspx # Reference: https://twitter.com/Yeti_Sec/status/1681294210492669953 /sharpjsshell.js # Reference: https://twitter.com/r3dbU7z/status/1691158370231947266 /cihshell.php /marijuana.php # Reference: https://twitter.com/sicehice/status/1694546485864435835 /rootshell # Reference: https://twitter.com/James_inthe_box/status/1711383373246251399 /xt/mmd/shell/ # Reference: https://twitter.com/r3dbU7z/status/1715570648737615991 /eightsix.shell /eightsix.shell_enc # Reference: https://twitter.com/Gi7w0rm/status/1716901758348521850 /b374kpriv.php /Nginx1337.php /b374kpriv.php.txt /Nginx1337.php.txt # Reference: https://twitter.com/sicehice/status/1747030318924677353 /FxCodeShell.jsp # Reference: https://twitter.com/1ZRR4H/status/1751656174515098023 # Reference: https://twitter.com/r3dbU7z/status/1753692024216113625 /php-reverse-shell.php # Reference: https://x.com/cyberfeeddigest/status/1841355658420961704 /1n73ctionshell.rar /1n73ctionshell.txt /adminershell.rar /adminershell.txt /alfashell.rar /alfashell.txt /an0nminishell.rar /an0nminishell.txt /angelshell.rar /angelshell.txt /anonghostshell.rar /anonghostshell.txt /antichatshell.rar /antichatshell.txt /ayanashell.rar /ayanashell.txt /ayyildizteamshell.rar /ayyildizteamshell.txt /b374kminishell.rar /b374kminishell.txt /b374kshell.rar /b374kshell.txt /beyazhackershell.rar /beyazhackershell.txt /bv7binaryshell.rar /bv7binaryshell.txt /c100shell.rar /c100shell.txt /c99shell.rar /c99shell.txt /commandshell.rar /commandshell.txt /cpanelcracker.rar /cpanelcracker.txt /ernebypassshell.rar /ernebypassshell.txt /eviltwinshell.rar /eviltwinshell.txt /g6shell.rar /g6shell.txt /galaupriv8minishell.rar /galaupriv8minishell.txt /galaupriv8shell.rar /galaupriv8shell.txt /galersshell.rar /galersshell.txt /gazashell.rar /gazashell.txt /gel4yshell.rar /gel4yshell.txt /h4ckertrshell.rar /h4ckertrshell.txt /hiddenshell.rar /hiddenshell.txt /indosecshell.rar /indosecshell.txt /indoxploitshell.rar /indoxploitshell.txt /inf3ctshell.rar /inf3ctshell.txt /injectionv3shell.rar /injectionv3shell.txt /k2ll33dshell.rar /k2ll33dshell.txt /k2ll3dshell.rar /k2ll3dshell.txt /kacakshell.rar /kacakshell.txt /kralshell.rar /kralshell.txt /lamashell.rar /lamashell.txt /locus7shell.rar /locus7shell.txt /lolipopshell.rar /lolipopshell.txt /lostdcshell.rar /lostdcshell.txt /massanonshell.rar /massanonshell.txt /massdeface.rar /massdeface.txt /massdefaceshell.rar /massdefaceshell.txt /minishell.rar /minishell.txt /mysqlshell.rar /mysqlshell.txt /ninjashell.rar /ninjashell.txt /phpshell.rar /phpshell.txt /phpspyshell.rar /phpspyshell.txt /pouyaservershell.rar /pouyaservershell.txt /predetor.rar /predetor.txt /r57shell.rar /r57shell.txt /rootshell.rar /rootshell.txt /sadrazamshell.rar /sadrazamshell.txt /safe0vershell.rar /safe0vershell.txt /safemodebypass.rar /safemodebypass.txt /saudishell.rar /saudishell.txt /scorpionshellfinder.rar /scorpionshellfinder.txt /simattackershell.rar /simattackershell.txt /simplebackdoorshell.rar /simplebackdoorshell.txt /simpleghostminishell.rar /simpleghostminishell.txt /smallshell.rar /smallshell.txt /sosyeteshell.rar /sosyeteshell.txt /spademinishell.rar /spademinishell.txt /symlinkshell.rar /symlinkshell.txt /syrianv7shell.rar /syrianv7shell.txt /tryagshell.rar /tryagshell.txt /uploadershell.rar /uploadershell.txt /uploadshell_hima.rar /uploadshell_hima.txt /vhostbypassshell.rar /vhostbypassshell.txt /votrshell.rar /votrshell.txt /webadminshell.rar /webadminshell.txt /webrootshell.rar /webrootshell.txt /wordpressmasspasswordchanger.rar /wordpressmasspasswordchanger.txt /wsoshell.rar /wsoshell.txt /zehir4shell.rar /zehir4shell.txt /zeusshell.rar /zeusshell.txt