win.blueshell

BlueShell


According to AhnLab, BlueShell is a backdoor written in Go and published on GitHub; it supports Windows, Linux, and Mac operating systems. The original GitHub repository is currently presumed to have been deleted, but the BlueShell source code can still be obtained from other repositories. It includes an explanatory ReadMe file in Chinese, suggesting that the creator may be a Chinese user.

References
2023-09-11, AhnLab, Sanseo
BlueShell Used in APT Attacks Against Korean and Thai Targets
https://asec.ahnlab.com/en/56941/ (English, accessed 2023-11-17)
Families: BlueShell, Sliver

2023-09-05, AhnLab, Sanseo
BlueShell malware used in APT attacks targeting Korea and Thailand
https://asec.ahnlab.com/ko/56715/ (Korean, accessed 2023-09-07)
Families: BlueShell, SparkRAT

2023-02-13, AhnLab, kingkimgim
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign
https://asec.ahnlab.com/en/47455/ (English, accessed 2023-11-17)
Families: Godzilla Webshell, ASPXSpy, BlueShell, CHINACHOPPER, Cobalt Strike, Ladon, MimiKatz

There is no YARA signature yet.