{"id":28486158,"url":"https://github.com/fox-it/cryptophp","last_synced_at":"2025-07-02T12:31:52.224Z","repository":{"id":23539049,"uuid":"26905936","full_name":"fox-it/cryptophp","owner":"fox-it","description":"CryptoPHP Indicators of Compromise","archived":false,"fork":false,"pushed_at":"2014-12-03T11:42:08.000Z","size":255,"stargazers_count":129,"open_issues_count":0,"forks_count":49,"subscribers_count":36,"default_branch":"master","last_synced_at":"2025-06-08T01:11:24.292Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fox-it.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-11-20T09:49:45.000Z","updated_at":"2024-10-15T12:58:03.000Z","dependencies_parsed_at":"2022-08-22T01:31:15.115Z","dependency_job_id":null,"html_url":"https://github.com/fox-it/cryptophp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fox-it/cryptophp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fcryptophp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fcryptophp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fcryptophp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fcryptophp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fox-it","download_url":"https://codeload.github.com/fox-it/cryptophp/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fcryptophp/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263140352,"owners_count":23419862,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-08T01:10:25.205Z","updated_at":"2025-07-02T12:31:52.216Z","avatar_url":"https://github.com/fox-it.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"CryptoPHP Indicators of Compromise\n==================================\n\nThis repository contains the indicators of compromise for the CryptoPHP backdoor.\n\nThe whitepaper regarding CryptoPHP can be found here:\n\n * http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/\n\n### Available IOCs\n\n| filename                                      | description                                                                                              |\n|-----------------------------------------------|----------------------------------------------------------------------------------------------------------|\n| *[file_hashes.csv](file_hashes.csv)*          | Contains the MD5 and SHA1 hashes of the different versions of the backdoor and when they were first seen |\n| *[domains.txt](domains.txt)*                  | Contains the C2 domains used by the backdoor                                                             |\n| *[ips.txt](ips.txt)*                          | Contains the C2 ip addresses used by the backdoor                                                        |\n| *[email_addresses.txt](email_addresses.txt)*  | Contains the email addresses used as backup communication by the backdoor                                |\n \n\n### Available scripts\n\nWe created some Python scripts to help administrators identify CryptoPHP:\n\n[https://github.com/fox-it/cryptophp/tree/master/scripts](https://github.com/fox-it/cryptophp/tree/master/scripts)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fcryptophp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffox-it%2Fcryptophp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fcryptophp/lists"}