Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | 2 Hours |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | |
| Detector Tags | Webshell Analytics |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
A web server process wrote an executable file, and that file was executed shortly afterward.
Attacker's Goals
Gaining the ability to execute commands on the host, as well as persistence.
Investigative actions
- Investigate the web server access logs for suspicious behavior.
- Check if the dropped file contains malicious content.
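
The correlation described under Description, as an added example that is not the detector's own logic: it pairs file writes by a web server process with a later execution of the same path. The process-name list, the 5-minute window (the page only says "shortly after") and the event records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumptions for this sketch; the real detector's lists and thresholds are not on the page.
WEB_SERVER_PROCS = {"nginx", "httpd", "apache2", "php-fpm", "w3wp.exe", "tomcat"}
EXEC_WINDOW = timedelta(minutes=5)  # stand-in for "shortly after"

# Constructed endpoint telemetry: (timestamp, event type, acting process, target path)
EVENTS = [
    ("2024-05-01T10:00:00", "file_write", "w3wp.exe", r"C:\inetpub\wwwroot\uploads\logo.png"),
    ("2024-05-01T10:02:10", "file_write", "w3wp.exe", r"C:\inetpub\wwwroot\uploads\svc.exe"),
    ("2024-05-01T10:02:45", "process_start", "w3wp.exe", r"C:\inetpub\wwwroot\uploads\svc.exe"),
    ("2024-05-01T11:00:00", "file_write", "msiexec.exe", r"C:\Program Files\App\app.exe"),
    ("2024-05-01T11:00:30", "process_start", "explorer.exe", r"C:\Program Files\App\app.exe"),
    ("2024-05-01T12:00:00", "file_write", "nginx", "/var/www/html/tmp/job"),
    ("2024-05-01T14:30:00", "process_start", "bash", "/var/www/html/tmp/job"),
]

def find_dropped_and_run(events, window=EXEC_WINDOW):
    """Return one alert per file written by a web server and executed within `window`."""
    last_write = {}  # path -> (write time, writer process)
    alerts = []
    # ISO-8601 timestamps sort chronologically as strings
    for ts, kind, proc, path in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "file_write":
            if proc.lower() in WEB_SERVER_PROCS:
                last_write[path] = (t, proc)
            else:
                # A later write by a non-web process replaces the web server's content
                last_write.pop(path, None)
        elif kind == "process_start" and path in last_write:
            written_at, writer = last_write[path]
            # Being launched is what marks the written file as executable here
            if t - written_at <= window:
                alerts.append({
                    "path": path,
                    "writer": writer,
                    "launched_by": proc,
                    "delay_s": int((t - written_at).total_seconds()),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_dropped_and_run(EVENTS):
        print(alert)
```

The `path` and write time in each alert give the file to inspect and the point in the web server access logs from which to start the review.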