Starting in mid-December 2020, FireEye discovered the DEWMODE webshell after exploitation of zero-day vulnerabilities in Accellion's File Transfer Appliance. It is a PHP webshell that allows threat actors to view and download files on the victim machine. It also contains a cleanup function to remove itself and clean the Apache log.
2021-03-12 ⋅ Recorded Future ⋅ DEWMODE Web Shell Used on Accellion FTA Appliances
2021-03-01 ⋅ FireEye ⋅ ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment
2021-02-24 ⋅ US-CERT ⋅ Malware Analysis Report (AR21-055A): Accellion FTA
2021-02-22 ⋅ FireEye ⋅ Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
There is no Yara-Signature yet.