PhpSpy

Description

(Symantec) The web shell is a modification of the PhpSpy backdoor and references the author MagicCoder while linking to the (deleted) domain magiccoder.ir. Researching the hacker handle MagicCoder results in references to the Iranian hacking forum Ashiyane as well as defacements by the Iranian hacker group Sun Army.

Names

Name
PhpSpy

Type

Backdoor

Information

https://symantec-blogs.broadcom.com/blogs/threat-intelligence/leafminer-espionage-middle-east

Other Information

Uuid

f1ed9cbd-0da6-4a0a-a728-60df805056fc

Last Card Change

2020-04-20

Threat Intelligence Garden

Explorer

PhpSpy

PhpSpy

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks