Aliases
冰蝎 (Bing Xie)
Tags
Webshell
Techniques
Webshell deploymentReverse shell
Incidents
RevivalStone Campaign by Winnti
References
https://www.sangfor.com/blog/cybersecurity/behinder-v30-analysis
Last edited
Feb 20, 2025 3:02 PM
Behinder is multi-platform web shell designed to provide persistent remote access to compromised web servers. Developed by a Chinese-speaking author, it supports various server-side languages, including JSP, ASP.NET, PHP, and ASP, making it versatile across different environments. Behinder facilitates encrypted command-and-control (C2) communications using AES encryption, which helps evade detection by security tools. Its capabilities include executing arbitrary commands, managing files, and establishing reverse shells.