S0564Windows

S0564BlackMould

Platforms
1
ATT&CK
14.1
References
2

Description

[BlackMould](https://attack.mitre.org/software/S0564) is a web shell based on [China Chopper](https://attack.mitre.org/software/S0020) for servers running Microsoft IIS. First reported in December 2019, it has been used in malicious campaigns by [GALLIUM](https://attack.mitre.org/groups/G0093) against telecommunication providers.(Citation: Microsoft GALLIUM December 2019)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupGALLIUMg0093100%live

References

  1. https://attack.mitre.org/software/S0564
  2. https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
BLACKCOFFEE
Software
China Chopper
Software
EVILNUM
Software
ShimRat
Software
BADFLICK
Software
SMOKEDHAM
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.