MALWARE-BACKDOOR -- Snort has detected suspicious communication traffic unrelated to commands, such as exfiltration of data from the infected machine, especially larger chunks of data.
MALWARE-BACKDOOR JSP webshell backdoor detected
This event is generated when the download or usage of a JSP Webshell has been detected Impact: Attempted User Privilege Gain Details: This rule detects a JSP webshell used to hiddenly manage an Apache Tomcat server. This webshell allows the attacker to have full control of the server by uploading, downloading, creating, editing and deleting files of the server. It can also open a proxy in the server and allow remote access to the server via a remote terminal. Ease of Attack: Medium
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
