
Antivirus Web Shell Detection (fdf135a2-9241-4f96-a114-bb404948f736)

Detects a highly relevant antivirus alert that reports a web shell. It is highly recommended to tune this rule to the specific detection strings used by your antivirus solution, for example by downloading a large web shell repository from GitHub and checking which names your product reports for those samples. This event must not be ignored just because the AV has blocked the malware: investigate how the web shell got onto the server in the first place.

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Antivirus Web Shell Detection (fdf135a2-9241-4f96-a114-bb404948f736) | Sigma-Rules | Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | 2