Tag

Webshell

4 briefs RSS

Suspicious Processes Spawned by Microsoft Exchange Worker Process

Detects suspicious processes spawned by the Microsoft Exchange Server worker process (w3wp.exe), potentially indicating exploitation or web shell activity.

exploited Exchange Server initial-access webshell exchange-server windows

2r 2t May 12, 2026

critical threat

Warlock Group Deploys Web Shells, Tunnels, and Ransomware

2 rules 4 TTPs

The Warlock group utilizes web shells and tunneling to deploy ransomware within compromised environments, impacting victim data confidentiality and availability.

Warlock webshell ransomware tunneling

2r 4t Mar 19, 2026

high advisory

Apache Struts CVE-2023-50164 Exploitation Leading to Web Shell Deployment

2 rules 3 TTPs 1 CVE

Exploitation of CVE-2023-50164, a critical path traversal vulnerability in Apache Struts 2, is detected by identifying malicious multipart/form-data POST requests with WebKitFormBoundary targeting Struts .action upload endpoints, followed by JSP web shell creation in Tomcat's webapps directories, indicating remote code execution.

Struts 2 apache-struts webshell cve-2023-50164 initial-access persistence command-and-control

2r 3t 1c Jan 5, 2024

critical advisory

Weaver E-office Unauthenticated Arbitrary File Upload Vulnerability

2 rules 2 TTPs 1 CVE

Weaver E-office versions prior to 10.0_20221201 are vulnerable to unauthenticated arbitrary file upload in the OfficeServer.php endpoint, allowing attackers to upload PHP webshells and achieve remote code execution.

E-office cve-2022-50993 file-upload webshell rce

2r 2t 1c Jan 3, 2024