 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: ZXShell| Names | ZXShell Sensocode | |
| Category | Malware | |
| Type | Reconnaissance, Backdoor, Keylogger, Info stealer, Exfiltration, Tunneling, DDoS | |
| Description | (FireEye) ZXSHELL is a backdoor that can be downloaded from the internet, particularly Chinese hacker websites. The backdoor can launch port scans, run a keylogger, capture screenshots, set up an HTTP or SOCKS proxy, launch a reverse command shell, cause SYN floods, and transfer/delete/run files. The publicly available version of the tool provides a graphical user interface that malicious actors can use to interact with victim backdoors. Simplified Chinese is the language used for the bundled ZXSHELL documentation. | |
| Information | <https://paper.bobylive.com/Security/APT_Report/APT-41.pdf> <https://github.com/smb01/zxshell> <https://blogs.cisco.com/security/talos/opening-zxshell> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0412/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.zxshell> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:zxshell> | |
Last change to this tool card: 14 May 2020
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| APT 41 |  | 2012-Feb 2023 |  | ||
| Axiom, Group 72 | | 2008-2008/2014 | |||
| Emissary Panda, APT 27, LuckyMouse, Bronze Union | | 2010-Aug 2023 | |||
| Leviathan, APT 40, TEMP.Periscope | | 2013-Jul 2021 | | ||
| PassCV | | 2016 | |||
5 groups listed (5 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |