fox-it

Description

CryptoPHP Indicators of Compromise


CryptoPHP Indicators of Compromise

This repository contains the indicators of compromise for the CryptoPHP backdoor.

The whitepaper regarding CryptoPHP can be found here:

  • http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/

Available IOCs

| filename | description |
|---------------------|----------------------------------------------------------------------------------------------------------|
| file_hashes.csv | Contains the MD5 and SHA1 hashes of the different versions of the backdoor and when they were first seen |
| domains.txt | Contains the C2 domains used by the backdoor |
| ips.txt | Contains the C2 IP addresses used by the backdoor |
| email_addresses.txt | Contains the email addresses used as backup communication by the backdoor |

Available scripts

We created some Python scripts to help administrators identify CryptoPHP:

https://github.com/fox-it/cryptophp/tree/master/scripts
