CryptoPHP Indicators of Compromise

This repository contains the indicators of compromise for the CryptoPHP backdoor.

The whitepaper regarding CryptoPHP can be found here:

  • http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/

Available IOCs

| filename | description |
|---------------------|----------------------------------------------------------------------------------------------------------|
| file_hashes.csv | Contains the MD5 and SHA1 hashes of the different versions of the backdoor and when they were first seen |
| domains.txt | Contains the C2 domains used by the backdoor |
| ips.txt | Contains the C2 IP addresses used by the backdoor |
| email_addresses.txt | Contains the email addresses used as backup communication by the backdoor |

Available scripts

We created some Python scripts to help administrators identify CryptoPHP:

https://github.com/fox-it/cryptophp/tree/master/scripts
