Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:14:34 UTC
Home > List all groups > List all tools > List all groups using tool Reshell
 Tool: Reshell
Names Reshell
Category Malware
Type Backdoor
Description
(Palo Alto) Following the creation of the users and the reconnaissance activity, the attackers
attempted to execute a previously undocumented .NET backdoor, which they named
windows.exe. We named this threat Reshell based on its program database (PDB) path.
Information Malpedia Last change to this tool card: 27 December 2024
Download this tool card in JSON format
All groups using tool Reshell
Changed Name Country Observed
APT groups
 Earth Krahang 2022
 Gallium 2018-Jun 2022
2 groups listed (2 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=695b8976-7390-45ec-a406-b8a01202bf8b
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=695b8976-7390-45ec-a406-b8a01202bf8b
Page 1 of 1