
Rule Info
Name
Webshell Detection Suspicious Children
Description
Detects certain children of web server processes based on image name and command line contents
Modified
None
Date
2022-03-22 00:00:00
Author
Florian Roth, Jonhnathan Ribeiro, Anton Kutepov, oscd.community
Tags
attack.persistence attack.t1018 attack.t1087 attack.t1505.003 attack.t1033
Id
9a8e8057-32a7-432d-bf80-197dacf1a77f
Type
Nextron Sigma feed only (private)