Caterpillar

Description

(ClearSky) Acting as a focal point, the group usually attacks webservers via a custom WebShell, namely Caterpillar – a variant of the open source WebShell ‘ASPXSpy’. By using WebShell, the attackers leave their fingerprint on the web server and the internal network, move laterally, and deploy additional tools. On each compromised network the attacker installed one or more WebShell, supposedly to gain persistence and diversify the use of similar tools. The attackers use the WebShell to communicate with their C&C server for running commands and exfiltrating sensitive information. Connection to the WebShell is made using NordVPN or ExpressVPN services.

Names

Name
Caterpillar

Type

Reconnaissance
Backdoor
Info stealer
Downloader

Information

https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf

Other Information

Uuid

608a396b-d841-425f-955c-4d1ee77d65e5

Last Card Change

2021-04-19

Threat Intelligence Garden

Explorer

Caterpillar

Caterpillar

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks