ZXShell

Description

(FireEye) ZXSHELL is a backdoor that can be downloaded from the internet, particularly Chinese hacker websites. The backdoor can launch port scans, run a keylogger, capture screenshots, set up an HTTP or SOCKS proxy, launch a reverse command shell, cause SYN floods, and transfer/delete/run files. The publicly available version of the tool provides a graphical user interface that malicious actors can use to interact with victim backdoors. Simplified Chinese is the language used for the bundled ZXSHELL documentation.

Names

  • ZXShell
  • Sensocode

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Keylogger
  • Info stealer
  • Exfiltration
  • Tunneling
  • DDoS

Information

  • Mitre Attack
  • Malpedia
  • Alienvault Otx

Other Information

Uuid

b63bf358-4d19-4729-b6bb-dfd6588f44e0

Last Card Change

2020-05-14