Webshell ReGeorg Detection Via Web Logs (2ea44a60-cfda-11ea-87d0-0242ac130003)

Certain strings in the uri_query field when combined with null referer and null user agent can indicate activity associated with the webshell ReGeorg.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Webshell ReGeorg Detection Via Web Logs (2ea44a60-cfda-11ea-87d0-0242ac130003) | Sigma-Rules | Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | 1 |
| Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | 2 |