Malware: Caterpillar WebShell

Description

[Caterpillar WebShell](https://attack.mitre.org/software/S0572) is a self-developed Web Shell tool created by the group [Volatile Cedar](https://attack.mitre.org/groups/G0123).(Citation: ClearSky Lebanese Cedar Jan 2021)

External References

• mitre-attack
• ClearSky Lebanese Cedar Jan 2021
• CheckPoint Volatile Cedar March 2015

Techniques Used by This Malware

• T1005 — Data from Local System
• T1007 — System Service Discovery
• T1014 — Rootkit
• T1016 — System Network Configuration Discovery
• T1033 — System Owner/User Discovery
• T1041 — Exfiltration Over C2 Channel
• T1046 — Network Service Discovery
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1069.001 — Local Groups
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1110 — Brute Force
• T1112 — Modify Registry

APT Groups Using This Malware

• Volatile Cedar