php.dewmode

DEWMODE


FireEye discovered the DEWMODE webshell starting in mid-December 2020, after exploitation of zero-day vulnerabilities in Accellion's File Transfer Appliance. It is a PHP webshell that allows threat actors to view and download files on the victim machine. It also contains a cleanup function to remove itself and clean the Apache log.

References

2021-03-12, Recorded Future (Insikt Group®): "DEWMODE Web Shell Used on Accellion FTA Appliances" [DEWMODE]
2021-03-01, FireEye (FireEye, Mandiant): "ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment" [DEWMODE]
2021-02-24, US-CERT (CISA, US-CERT): "Malware Analysis Report (AR21-055A): Accellion FTA" [DEWMODE]
2021-02-22, FireEye (Andrew Moore, Genevieve Stark, Isif Ibrahima, Kimberly Goody, Van Ta): "Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion" [DEWMODE, Clop]

There is no YARA signature yet.