Skip to content

Hide Navigation Hide TOC

Antivirus Web Shell Detection (fdf135a2-9241-4f96-a114-bb404948f736)

Detects a highly relevant Antivirus alert that reports a web shell. It's highly recommended to tune this rule to the specific strings used by your anti virus solution by downloading a big WebShell repository from e.g. github and checking the matches. This event must not be ignored just because the AV has blocked the malware but investigate, how it came there in the first place.

Cluster A Galaxy A Cluster B Galaxy B Level
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Antivirus Web Shell Detection (fdf135a2-9241-4f96-a114-bb404948f736) Sigma-Rules 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2