{
	"id": "717ac51c-0d19-49f5-958a-389bd3fe3a1d",
	"created_at": "2026-04-06T00:18:27.195213Z",
	"updated_at": "2026-04-10T03:21:19.248674Z",
	"deleted_at": null,
	"sha1_hash": "b09fb75b7357387ee833e0fa1bbebd1f46901168",
	"title": "pl.backdoor.connectback.001 - Sucuri Labs",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36271,
	"plain_text": "pl.backdoor.connectback.001 - Sucuri Labs\r\nPublished: 2019-04-02 · Archived: 2026-04-05 13:38:14 UTC\r\nBackdoors are server-side malicious scripts which are intended to perpetrate malicious acccess to the server. The\r\ntypical example of such backdoors are various File Managers, Web Shells, tools for bypassing admin login or\r\nvarious one-purpose scripts allowing the attacker to upload and run another type of malicious scripts. The payload\r\nis PHP based, thus intended for server-side use and the payload is executed directly on the server, while the site is\r\nloaded. Only the payload result (such as Web Shell environment) is visible in the browser, not the malicious code\r\nitself. It's very common, that backdoors don't have any visible signs in the site code and it's impossible to detect\r\nthem by accessing the infected site from outside. Server level analysis is necessary in case of infection by this type\r\nof malware.\r\nThis malware when executed connect back to the attacker server and accept arbitrary commands, permitting the\r\nattacker to have full control of the server.\r\nAffecting\r\nAny vulnerable website with perl support. Outdated software or compromised passwords can act as an infection\r\nvector.\r\nCleanup\r\nInspect your server looking for any unknown perl file and remove them. Also, you can sign up with us and let our\r\nteam remove the malware for you.\r\nDump\r\n#!/usr/bin/perl\r\nuse Socket;\r\nprint \"Data Cha0s Connect Back Backdoornn\";\r\nif (!$ARGV[0]) {\r\nprintf \"Usage: $0 [Host] \u003cPort\u003en\";\r\nexit(1);\r\n}\r\nSource: https://labs.sucuri.net/signatures/malwares/pl-backdoor-connectback-001/\r\nhttps://labs.sucuri.net/signatures/malwares/pl-backdoor-connectback-001/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://labs.sucuri.net/signatures/malwares/pl-backdoor-connectback-001/"
	],
	"report_names": [
		"pl-backdoor-connectback-001"
	],
	"threat_actors": [],
	"ts_created_at": 1775434707,
	"ts_updated_at": 1775791279,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b09fb75b7357387ee833e0fa1bbebd1f46901168.pdf",
		"text": "https://archive.orkl.eu/b09fb75b7357387ee833e0fa1bbebd1f46901168.txt",
		"img": "https://archive.orkl.eu/b09fb75b7357387ee833e0fa1bbebd1f46901168.jpg"
	}
}