Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ClamAV>
  3. win32
[clamav-users] Exchange attacks...
eric-list at truenet
Mar 13, 2021, 5:12 PM
Post #1 of 2 (205 views)
Permalink
Joel, Micah,

Just as a side note, I was compromised with everyone else, but thankfully have mitigated before things got too out of hand from what I can tell.
Looks like the webshells are both caught from a scan I just did to test out:
Asp.Trojan.Webshell0321-9840176-0

Thanks for the update….

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
Re: [clamav-users] Exchange attacks... [ In reply to ]
clamav-users at lists
Mar 15, 2021, 10:28 AM
Post #2 of 2 (205 views)
Permalink
Hello Eric,

You’re saying that you were caught up in the Exchange attacks, but ClamAV was able to catch an installed Webshell?


--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

On Mar 13, 2021, at 8:12 PM, Eric Tykwinski <eric-list@truenet.com<mailto:eric-list@truenet.com>> wrote:

Joel, Micah,

Just as a side note, I was compromised with everyone else, but thankfully have mitigated before things got too out of hand from what I can tell.
Looks like the webshells are both caught from a scan I just did to test out:
Asp.Trojan.Webshell0321-9840176-0

Thanks for the update….

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal