DEWMODE (Malware Family)

DEWMODE

FireEye discovered the DEWMODE webshell starting mid-December 2020 after exploitation of zero-day vulnerabilities in Accellion's File Transfer Appliance. It is a PHP webshell that allows threat actors to view and download files in the victim machine. It also contains cleanup function to remove itself and clean the Apache log.

References

2021-03-12 ⋅ Recorded Future ⋅ Insikt Group®
DEWMODE Web Shell Used on Accellion FTA Appliances
DEWMODE

2021-03-01 ⋅ FireEye ⋅ FireEye, Mandiant
ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment
DEWMODE

2021-02-24 ⋅ US-CERT ⋅ CISA, US-CERT
Malware Analysis Report (AR21-055A): Accellion FTA
DEWMODE

2021-02-22 ⋅ FireEye ⋅ Andrew Moore, Genevieve Stark, Isif Ibrahima, Kimberly Goody, Van Ta
Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
DEWMODE Clop

There is no Yara-Signature yet.

DEWMODE Propose Change

References

DEWMODE