Skip to content

Hide Navigation Hide TOC

Suspicious File Write to Webapps Root Directory (89c42960-f244-4dad-9151-ae9b1a3287a2)

Detects suspicious file writes to the root directory of web applications, particularly Apache web servers or Tomcat servers. This may indicate an attempt to deploy malicious files such as web shells or other unauthorized scripts.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious File Write to Webapps Root Directory (89c42960-f244-4dad-9151-ae9b1a3287a2) Sigma-Rules Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 1
Suspicious File Write to Webapps Root Directory (89c42960-f244-4dad-9151-ae9b1a3287a2) Sigma-Rules Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2