AGENTPSD
AGENTPSD is a lightweight Python-based reverse shell malware family, also described as a backup utility or fallback implant. Volexity reported it in a long-running cyber-espionage campaign attributed to the China-nexus espionage actor VerdantBamboo, which overlaps with UNC5221, WARP PANDA, Clay Typhoon, and UTA0178. The malware was deployed to Linux systems, including an Egnyte Storage Sync appliance, a Synology NAS, and a retired Linux-based GroupWise email archive server. It was packaged into a native binary using PyInstaller.
Its primary role was to provide fallback persistence and a backup command channel if the actor’s primary malware, especially BRICKSTORM and in some cases PLENET, became unavailable or stopped functioning. Multiple reports characterize AGENTPSD as a simple Python reverse shell designed to execute if the primary framework vanished. In the Egnyte intrusion, Volexity found persistence configured by modifying /etc/crontab to execute AGENTPSD as root at 14:20 on the 15th day of every month. Reporting states AGENTPSD had been present on the compromised Egnyte system for at least 18 months before discovery, and one account notes it was installed on both the Egnyte appliance and a retired GroupWise archive server but was not actively used.
The malware appeared alongside other VerdantBamboo tooling used against edge and appliance platforms that typically lack EDR coverage. In the observed campaign, the actor used stolen credentials, SSH access, abused an Egnyte sudo misconfiguration for privilege escalation, regained access through an exposed firewall administrative interface without MFA, and later deployed PLENET on a Synology NAS along with AGENTPSD as a backup reverse shell. High-confidence behavioral detail in the provided content is limited to AGENTPSD functioning as a Python reverse shell/fallback implant; no specific AGENTPSD command-and-control domains or hashes are provided in the content.
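The persistence detail above (a root cron job pinned to one day of the month at one clock time, launching a PyInstaller-built binary) is the kind of low-frequency entry that a routine crontab review can surface. The following is an added example, not code from Volexity or any of the reports cited here: it parses a constructed /etc/crontab, flags root jobs on a fixed monthly slot that are not the stock run-parts/anacron wrappers, and checks whether the job's executable carries the PyInstaller archive cookie. The crontab contents and the /opt/placeholder path are constructed sample data.

```python
import re
from pathlib import Path

# Constructed /etc/crontab sample; the last job mirrors the cadence reported for
# AGENTPSD (14:20 on the 15th of every month, as root). Paths are placeholders.
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
20 14   15 * *  root    /opt/placeholder/.cache/agent >/dev/null 2>&1
"""

# Cookie embedded in the archive appended to every PyInstaller-built executable.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
CRON_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
FIELDS = ("minute", "hour", "dom", "month", "dow", "user", "cmd")

def parse_system_crontab(text):
    """Return job dicts from a system crontab (skips comments and VAR=value lines)."""
    jobs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue
        m = CRON_LINE.match(line)
        if m:
            jobs.append(dict(zip(FIELDS, m.groups())))
    return jobs

def is_monthly_fixed_time(job):
    """One fixed day-of-month at one fixed clock time: a low-frequency beacon slot."""
    return (job["dom"].isdigit() and job["month"] == "*" and job["dow"] == "*"
            and job["minute"].isdigit() and job["hour"].isdigit())

def suspicious_root_jobs(text):
    """Root jobs on a fixed monthly slot that are not the stock run-parts/anacron wrappers."""
    return [j for j in parse_system_crontab(text)
            if j["user"] == "root" and is_monthly_fixed_time(j)
            and "run-parts" not in j["cmd"] and "anacron" not in j["cmd"]]

def has_pyinstaller_cookie(data):
    return PYINSTALLER_MAGIC in data

def check_job_binary(job):
    """Read the job's executable (first token of the command) and test for the cookie."""
    exe = job["cmd"].split()[0]
    try:
        return has_pyinstaller_cookie(Path(exe).read_bytes())
    except OSError:  # placeholder paths will not exist on the analyst's host
        return False
```

On a live system, pass `Path("/etc/crontab").read_text()` to `suspicious_root_jobs` and run `check_job_binary` on each hit; a flagged root job whose binary carries the cookie is worth pulling for analysis.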
Groups observed using it
3 distinct threat actors attributed by public researchers.
Volexity tracks this specific python-based backup utility under the name AGENTPSD. This utility would execute a reverse shell if the primary framework vanished.
Using credentials they’d harvested and held in reserve, they re-enabled the SSL VPN on the external firewall, got back in, and deployed a new backdoor family – PLENET on a Synology NAS, along with a backup reverse shell called AGENTPSD.
Techniques & procedures
11 distinct techniques documented for this family, organized by ATT&CK tactic.
Execution (4 techniques)
They added an automated task to run a basic script on a monthly cadence. Volexity tracks this specific python-based backup utility under the name AGENTPSD.
The same malware was found on the MSP’s pfSense firewall in a FreeBSD-compatible variant, obfuscated with a tool called gobfuscate and set to run automatically through a modified cron startup file.
Persistence (3 techniques)
They added an automated task to run a basic script on a monthly cadence. Volexity tracks this specific python-based backup utility under the name AGENTPSD.
Privilege Escalation (3 techniques)
They added an automated task to run a basic script on a monthly cadence. Volexity tracks this specific python-based backup utility under the name AGENTPSD.
Lateral Movement (1 technique)
Command and Control (5 techniques)
AgentPSD is a simple Python-based reverse shell utility that Volexity believes VerdantBamboo used as a fallback persistence mechanism if other malware was no longer accessible.
These BRICKSTORM instances use the websocket protocol handler for connecting to the C2.
deploy additional malware to a Synology Network Attached Storage (NAS) appliance
IOCs tracked for this family
3 indicators attributed across vendor reports, sandbox runs, and researcher write-ups.
File hashes (MD5, SHA-1, SHA-256) from samples and reports.
Recent activity
6 sources tracked across advisories, community write-ups, and news.
A Python-based backup access utility used as a fallback command channel. It is configured via scheduled tasks and executes a reverse shell if the primary malware framework is unavailable.
A Python-based reverse shell used as a fallback implant if the primary malware stops functioning.
A Python-based reverse shell packaged with PyInstaller as a standalone executable. It opens a TCP connection to a hardcoded C2 and provides shell access. In this campaign it was deployed as a redundant fallback implant on lower-profile systems but was reportedly never actively used.
A lightweight Python reverse shell used by VerdantBamboo as a fallback access mechanism when BRICKSTORM is unavailable or fails.