Malware

DEWMODE

FireEye discovered the DEWMODE webshell starting in mid-December 2020, following exploitation of zero-day vulnerabilities in Accellion's File Transfer Appliance.

DEWMODE is a PHP malware family.

Background

FireEye first observed the DEWMODE webshell from mid-December 2020 onward, following the exploitation of zero-day flaws in Accellion's File Transfer Appliance. Written in PHP, the webshell lets attackers browse and exfiltrate files from the compromised host, and it also ships with a cleanup routine that deletes itself and scrubs the Apache log.


Source: Malpedia (Fraunhofer FKIE).