Caterpillar WebShell is a self-developed Web Shell tool created by the group Volatile Cedar.[1]
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1110 | Brute Force |
Caterpillar WebShell has a module to perform brute force attacks on a system.[1] |
|
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
Caterpillar WebShell can run commands on the compromised asset with CMD functions.[1] |
Enterprise | T1005 | Data from Local System |
Caterpillar WebShell has a module to collect information from the local database.[1] |
|
Enterprise | T1041 | Exfiltration Over C2 Channel |
Caterpillar WebShell can upload files over the C2 channel.[1] |
|
Enterprise | T1083 | File and Directory Discovery |
Caterpillar WebShell can search for files in directories.[1] |
|
Enterprise | T1105 | Ingress Tool Transfer |
Caterpillar WebShell has a module to download and upload files to the system.[1] |
|
Enterprise | T1112 | Modify Registry |
Caterpillar WebShell has a command to modify a Registry key.[1] |
|
Enterprise | T1046 | Network Service Discovery |
Caterpillar WebShell has a module to use a port scanner on a system.[1] |
|
Enterprise | T1069 | .001 | Permission Groups Discovery: Local Groups |
Caterpillar WebShell can obtain a list of local groups of users from a system.[1] |
Enterprise | T1057 | Process Discovery |
Caterpillar WebShell can gather a list of processes running on the machine.[1] |
|
Enterprise | T1014 | Rootkit |
Caterpillar WebShell has a module to use a rootkit on a system.[1] |
|
Enterprise | T1082 | System Information Discovery |
Caterpillar WebShell has a module to gather information from the compromrised asset, including the computer version, computer name, IIS version, and more.[1] |
|
Enterprise | T1016 | System Network Configuration Discovery |
Caterpillar WebShell can gather the IP address from the victim's machine using the IP config command.[1] |
|
Enterprise | T1033 | System Owner/User Discovery |
Caterpillar WebShell can obtain a list of user accounts from a victim's machine.[1] |
|
Enterprise | T1007 | System Service Discovery |
Caterpillar WebShell can obtain a list of the services from a system.[1] |
ID | Name | References |
---|---|---|
G0123 | Volatile Cedar |