Webshell Detection Suspicious Children

Rule Info

Name
Webshell Detection Suspicious Children
Description
Detects certain children of web server processes based on image name and command line contents
Modified
None
Date
2022-03-22 00:00:00
Author
Florian Roth, Jonhnathan Ribeiro, Anton Kutepov, oscd.community
Tags
attack.persistence attack.t1018 attack.t1087 attack.t1505.003 attack.t1033
Id
9a8e8057-32a7-432d-bf80-197dacf1a77f
Type
Nextron Sigma feed only (private)

Rule History