T1505.003 Web Shell Mappings

Adversaries may backdoor web servers with web shells to establish persistent access to systems. A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to use the Web server as a gateway into a network. A Web shell may provide a set of functions to execute or a command-line interface on the system that hosts the Web server.

In addition to a server-side script, a Web shell may have a client interface program that is used to talk to the Web server (ex: China Chopper Web shell client).(Citation: Lee 2013)



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
azure_security_center_recommendations Azure Security Center Recommendations technique_scores T1505.003 Web Shell
linux_auditd_alerts_and_log_analytics_agent_integration Linux auditd alerts and Log Analytics agent integration technique_scores T1505.003 Web Shell
azure_sentinel Azure Sentinel technique_scores T1505.003 Web Shell