Hello Eric,

You’re saying that you were caught up in the Exchange attacks, but ClamAV was able to catch an installed Webshell?


-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

On Mar 13, 2021, at 8:12 PM, Eric Tykwinski <eric-list@truenet.com> wrote:

Joel, Micah,

Just as a side note, I was compromised with everyone else, but thankfully have mitigated before things got too out of hand from what I can tell.
Looks like the webshells are both caught from a scan I just did to test out:
Asp.Trojan.Webshell0321-9840176-0

Thanks for the update….

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300