Server Software Component: Web Shell (T1505.003)
Tactic: Persistence · Platforms: Linux, macOS, Network Devices, Windows
The interactive view maps 1 detection strategy, 2 mitigations, 31 threat groups, 22 software entries, 13 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Server Software Component (T1505).
Overview
Adversaries may backdoor web servers with web shells to establish persistent access to systems. A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to access the Web server as a gateway into a network. A Web shell may provide a set of functions to execute or a command-line interface on the system that hosts the Web server.
In addition to a server-side script, a Web shell may have a client interface program that is used to talk to the Web server (e.g. China Chopper Web shell client).