Good image; I hope it is useful for you.
- Traffic monitor
  - "CaiDao" payloads are all in the request body.
  - "Weevely" payloads are all in cookies, split into pieces and reassembled.
- File monitor
  - Always includes system methods.
  - Encryption is very common.
- Attack origin
  - The Tor network and proxy servers are the common attack origins.
- Night is the high-frequency time
  - Some attackers run batch scans at night, and unexpectedly it works.
- Attack method
  - Web vulnerabilities and configuration issues account for most.
  - One-sentence webshells and reverse ("rebound") shells account for most.
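The two "Traffic monitor" points above, as an added example that is not part of the original notes: a minimal request inspector that looks for executable-looking content in the request body and in cookie values reassembled in header order. The indicator list, the reassembly order, the function names and the sample requests are assumptions made for illustration.

```python
import base64, re
from urllib.parse import unquote, unquote_plus, urlencode

# Assumed indicator list: PHP calls that evaluate code or run commands.
EXEC_CALLS = re.compile(r"\b(eval|assert|system|exec|shell_exec|passthru|popen)\s*\(", re.I)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def views(text):
    """Yield text as-is, then each base64-looking run decoded at all four
    alignments (an ordinary cookie in front shifts the alignment)."""
    yield text
    for run in B64_RUN.findall(text):
        for off in range(4):
            chunk = run[off:].rstrip("=")
            try:
                raw = base64.b64decode(chunk + "=" * (-len(chunk) % 4))
            except ValueError:  # impossible length for this alignment
                continue
            yield raw.decode("utf-8", "ignore")

def inspect_request(raw_request):
    """Return which parts of the request carry executable-looking content."""
    head, _, body = raw_request.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    if any(EXEC_CALLS.search(v) for v in views(unquote_plus(body))):
        findings.append("body")
    # Reassemble cookie values in header order (assumed) before decoding.
    parts = [c.partition("=")[2].strip() for c in headers.get("cookie", "").split(";")]
    if any(EXEC_CALLS.search(v) for v in views(unquote("".join(parts)))):
        findings.append("cookie")
    return findings

# Constructed samples using a harmless marker, not captured traffic.
MARKER = 'eval("echo 1;");'
ENC = base64.b64encode(MARKER.encode()).decode()
BODY_REQ = ("POST /upload/x.php HTTP/1.1\r\nHost: shop.example\r\n\r\n"
            + urlencode({"pass": MARKER}))
COOKIE_REQ = ("GET /upload/x.php HTTP/1.1\r\nHost: shop.example\r\n"
              f"Cookie: sid=abc123; a={ENC[:8]}; b={ENC[8:16]}; c={ENC[16:]}\r\n\r\n")
BENIGN_REQ = ("POST /login HTTP/1.1\r\nHost: shop.example\r\n"
              "Cookie: sid=abc123; theme=dark\r\n\r\nuser=alice&note=hello+world")

if __name__ == "__main__":
    for name, req in [("body", BODY_REQ), ("cookie", COOKIE_REQ), ("benign", BENIGN_REQ)]:
        print(name, inspect_request(req))
```

Encrypted payloads, which the "File monitor" notes call very common, will not decode to recognisable calls, so a check like this is one signal to combine with file monitoring rather than a complete detector.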
[Sequence diagram. Participants: Threat Intelligence, Webshell Monitor, Defender website, Sirp. Message labels: Attacker feature; webshell feature; Analyze system leak; Emergency measures; Community data; Leak database.]