FuxosDoor

Description

(Trend Micro) FuxosDoor is an IIS backdoor which was deployed and run on the compromised Exchange server. Once it receives a request with a specific URL path, /web.config, from the attacker, it will try to extract the encrypted command from the field (ASP.NET_SessionId) in the HTTP header and then execute the received command by using the command prompt (cmd.exe). Afterward, the results will be encrypted and sent back to the attacker’s server.

Names

Name
FuxosDoor

Category

Malware

Type

  • Backdoor

Information

Other Information

Uuid

385fe590-8b1d-4c24-92cd-461a55ecaa7b

Last Card Change

2024-12-26