HrServ – Previously unknown web shell used in APT attack [Wednesday, November 22, 2023]

HrServ – Previously unknown web shell used in APT attack [Wednesday, November 22, 2023]
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/ATTACK-REPORT-LOGO-2.png
Report

HrServ – Previously unknown web shell used in APT attack

Description :
Kaspersky reports on a newly discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution.

Published :
2023-11-22T16:12:32.512Z

Created :
2023-11-22T16:12:32.512Z

Modified :
2023-11-22T16:28:47.213Z

Tags

  • apt
  • webshell
  • hrserv

Indicators

Hashes :
  • f38517692ab3e817182a396a407d9fe1c260c89bb6b733764737562f235115f0
  • 8043e6c6b5e9e316950ddb7060883de119e54f226ab7a320b743be99b9c10ec5
Attacks Pattern :
  • T1053
  • T1573
  • T1001
External References :

You can download the txt file containing the indicators by clicking on the button below:

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.