Home > List all groups > List all tools > List all groups using tool PHPsert

Threat Group Cards: A Threat Actor Encyclopedia

Names	PHPsert
Category	Malware
Type	Backdoor
Description	(SentinelLabs) PHPsert executes attacker-provided PHP code using the assert function, which, in PHP versions prior to 8.0.0, interprets and runs parameter strings as PHP code. To hinder static analysis and evade detection, the webshell uses various code obfuscation techniques, including XOR encoding, hexadecimal character representation, string concatenation, and randomized variable names.
Information	<https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/>

Last change to this tool card: 27 December 2024

Download this tool card in JSON format

1 group listed (1 APT, 0 other, 0 unknown)

APT groups