Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 23:42:56 UTC
Home > List all groups > List all tools > List all groups using tool WSO
 Tool: WSO
Names
WSO
Webshell by Orb
Category Tools
Type Reconnaissance, Backdoor, Info stealer, Credential stealer, Exfiltration
Description
(Wordfence) WSO is a favorite web shell among hackers because of its particularly powerful
set of features.
• Password protection
• Server information disclosure
• File management features like uploading, downloading, or editing files, creating directories,
browsing through directories, and searching for text in files
• Command-line console
• Database administration
• PHP code execution
• Encoding and decoding text input
• Brute-force attacks against FTP or database servers
• Installation of a Perl script to act as a more direct backdoor on the server
Information
Malpedia Last change to this tool card: 13 May 2020
Download this tool card in JSON format
All groups using tool WSO
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fff602e8-3cc4-4ff6-bfb4-1bc14d8c5a6f
Page 1 of 2

APT groups
  Energetic Bear, Dragonfly 2010-Mar 2022
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fff602e8-3cc4-4ff6-bfb4-1bc14d8c5a6f
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fff602e8-3cc4-4ff6-bfb4-1bc14d8c5a6f
Page 2 of 2