Skip to content

Hide Navigation Hide TOC

Antivirus Web Shell Detection (fdf135a2-9241-4f96-a114-bb404948f736)

Detects a highly relevant Antivirus alert that reports a web shell. It's highly recommended to tune this rule to the specific strings used by your anti virus solution by downloading a big webshell repo from e.g. github and checking the matches.

Cluster A Galaxy A Cluster B Galaxy B Level
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Antivirus Web Shell Detection (fdf135a2-9241-4f96-a114-bb404948f736) Sigma-Rules 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2