HrServ – Previously unknown web shell used in APT attack

Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led to the discovery of related variants compiled in 2021, indicating a potential correlation between these separate occurrences of malicious activity. Initial infection According to our telemetry data, the P… Read More

Source: APT reports – Securelist

Published on: November 22, 2023

HrServ – Previously unknown web shell used in APT attack

Leave a Reply Cancel reply

Stay Updated with Our Newsletter

Featured

Threat Actor Interview: Spotlighting on Pryx – Admin of the Hellcat Ransomware Group

Cryptocurrency Investigation using OSINT Tools

Filter Posts by Date

Recent Posts

Explore Topics

Press ESC to close

HrServ – Previously unknown web shell used in APT attack

Related posts:

Leave a Reply Cancel reply

Stay Updated with Our Newsletter

Featured

Threat Actor Interview: Spotlighting on Pryx – Admin of the Hellcat Ransomware Group

Cryptocurrency Investigation using OSINT Tools

Filter Posts by Date

Recent Posts

Explore Topics