Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)
Adversaries may backdoor web servers with web shells to establish persistent access to systems. A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to access the Web server as a gateway into a network. A Web shell may provide a set of functions to execute or a command-line interface on the system that hosts the Web server.(Citation: volexity_0day_sophos_FW)
In addition to a server-side script, a Web shell may have a client interface program that is used to talk to the Web server (e.g. China Chopper Web shell client).(Citation: Lee 2013)
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | 1 |