HOMETHREATSc99shell
APT / THREAT GROUP

c99shell

3
aliases
Last seen:Mar 17, 2026

Intelligence Profile

C99shell is a PHP backdoor that provides a lot of functionality, for example:

* run shell commands;

* download/upload files from and to the server (FTP functionality);

* full access to all files on the hard disk;

* self-delete functionality.

Threat Analysis

c99shell is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases3

Also Known As

c99c99shellphp.c99

External Intelligence

Malpedia: php.c99

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.