cryptophp icon indicating copy to clipboard operation
cryptophp copied to clipboard

Published 20 hours ago verified publisher icon fox-it

Metadata

CryptoPHP Indicators of Compromise

CryptoPHP Indicators of Compromise

This repository contains the indicators of compromise for the CryptoPHP backdoor.

The whitepaper regarding CryptoPHP can be found here:

  • http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/

Available IOCs

filename description
file_hashes.csv Contains the MD5 and SHA1 hashes of the different versions of the backdoor and when they were first seen
domains.txt Contains the C2 domains used by the backdoor
ips.txt Contains the C2 ip addresses used by the backdoor
email_addresses.txt Contains the email addresses used as backup communication by the backdoor

Available scripts

We created some Python scripts to help administrators identify CryptoPHP:

https://github.com/fox-it/cryptophp/tree/master/scripts

Metadata

129
Stars
52
Forks
Watchers

Owner

verified publisher icon fox-it

Metadata

CryptoPHP Indicators of Compromise

Back