montysecurity / C2-Tracker

Live Feed of C2 servers, tools, and botnets

Add VShell to Tracking #25

Closed corumir closed 2 months ago

corumir commented 2 months ago

product:"VanDyke VShell" https://www.shodan.io/search?query=product%3A%22VanDyke+VShell%22

Censys verification: services.software.product: {Vshell}

montysecurity commented 2 months ago

This is an interesting one. I see potential for a threat actor to abuse this obviously, but do you know if there is a record of a TA abusing Vshell?

corumir commented 2 months ago

I appreciate the double check.

Please add "VShell" to the tracking. https://malpedia.caad.fkie.fraunhofer.de/details/win.vshell https://search.censys.io/search?q=services.http.response.html_tags%3D%22%3Ctitle%3EVshell+-+%E7%99%BB%E5%BD%95%3C%2Ftitle%3E%22&resource=hosts

That's what I get for late-night attempts. Will perform better double checks before submitting. You'll note that this Vshell matches the C2 on https://github.com/veo/vshell.

I was mistaken and flagged VanDyke instead.

montysecurity commented 2 months ago

Ah I see. No problem. Added this, thanks! Commit: https://github.com/montysecurity/C2-Tracker/commit/6c094e1f4e91da3795f18d975bff7657371fa596
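
The name collision discussed in this thread (the VanDyke VShell product string versus the veo/vshell login-page title), as an added example that is not part of the issue or of the C2-Tracker code: it decodes the Censys URL quoted above into its field and value and uses the exact title tag to separate C2 candidates from product-name matches. The host records and their keys (`product`, `html_tags`) are constructed and simplified assumptions, not real Shodan or Censys output.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Censys search URL quoted in the thread (copied verbatim).
CENSYS_URL = (
    "https://search.censys.io/search?q=services.http.response.html_tags"
    "%3D%22%3Ctitle%3EVshell+-+%E7%99%BB%E5%BD%95%3C%2Ftitle%3E%22&resource=hosts"
)


def censys_query(url):
    """Return (field, value) from a Censys URL whose q= holds one field="value" term."""
    q = parse_qs(urlsplit(url).query)["q"][0]   # percent- and plus-decoded
    field, _, value = q.partition("=")
    return field, value.strip('"')


def classify(host, c2_title_tag):
    """Label one host record: exact title-tag match first, product string second."""
    if c2_title_tag in host.get("html_tags", []):
        return "c2-candidate"
    if re.search(r"vshell", host.get("product", ""), re.IGNORECASE):
        # Same name, different software (e.g. the VanDyke product string).
        return "name-collision"
    return "unrelated"


# Constructed sample records using documentation IP addresses.
HOSTS = [
    {"ip": "192.0.2.10", "product": "VanDyke VShell", "html_tags": []},
    {"ip": "192.0.2.20", "product": "",
     "html_tags": ["<title>Vshell - 登录</title>"]},
    {"ip": "192.0.2.30", "product": "nginx",
     "html_tags": ["<title>Welcome to nginx!</title>"]},
]


def triage(hosts=HOSTS, url=CENSYS_URL):
    """Map each host IP to its label, using the title tag decoded from the URL."""
    _field, tag = censys_query(url)
    return {h["ip"]: classify(h, tag) for h in hosts}


if __name__ == "__main__":
    for ip, label in triage().items():
        print(ip, label)
```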