Tag
critical
threat
Warlock Group Deploys Web Shells, Tunnels, and Ransomware
2 rules, 4 TTPs
The Warlock group utilizes web shells and tunneling to deploy ransomware within compromised environments, impacting victim data confidentiality and availability.
Warlock
webshell
ransomware
tunneling
high
advisory
Apache Struts CVE-2023-50164 Exploitation Leading to Web Shell Deployment
2 rules, 3 TTPs, 1 CVE
Exploitation of CVE-2023-50164, a critical path traversal vulnerability in Apache Struts 2, is detected by identifying malicious multipart/form-data POST requests with WebKitFormBoundary targeting Struts .action upload endpoints, followed by JSP web shell creation in Tomcat's webapps directories, indicating remote code execution.
Struts 2
apache-struts
webshell
cve-2023-50164
initial-access
persistence
command-and-control
critical
advisory
Weaver E-office Unauthenticated Arbitrary File Upload Vulnerability
2 rules, 2 TTPs, 1 CVE
Weaver E-office versions prior to 10.0_20221201 are vulnerable to unauthenticated arbitrary file upload in the OfficeServer.php endpoint, allowing attackers to upload PHP webshells and achieve remote code execution.
E-office
cve-2022-50993
file-upload
webshell
rce