
JSP Web Shell Detection (China Chopper)



PVS detected suspicious Command and Control (CnC) activity.


PVS detected suspicious activity indicating that a remote client is interacting with the server and issuing commands on it through a remote web shell. Once the web shell is uploaded, an attacker can use other techniques to escalate privileges and issue commands remotely. The remote commands run with the same privileges and functionality available to the web server and may include the ability to add or delete files, run shell commands, and execute additional exploitation methods.


Search for JSP scripts containing the 'eval()' function and conduct a forensic examination to determine how the vulnerable JSP payload was installed on the server. Also, check for any additional unauthorized changes.
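One way to run the search described above, as an added example that is not part of the original plugin text or any vendor tooling. The extension list, the `eval(` pattern, and the sample directory tree are assumptions constructed for illustration; each hit is reported with its line numbers, modification time, and SHA-256 so it can feed the forensic examination.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone
# Assumptions: which extensions count as JSP, and that a call looks like "eval(".
JSP_EXTENSIONS = (".jsp", ".jspx", ".jspf")
EVAL_CALL = re.compile(rb"\beval\s*\(")


def scan_webroot(webroot):
    """Return one finding per JSP file under webroot that contains an eval() call."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(JSP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            lines = [n for n, t in enumerate(data.splitlines(), 1) if EVAL_CALL.search(t)]
            if lines:
                findings.append({
                    "path": path,
                    "lines": lines,
                    "mtime_utc": datetime.fromtimestamp(mtime, timezone.utc).isoformat(),
                    "sha256": hashlib.sha256(data).hexdigest(),
                })
    return findings


def build_sample_webroot():
    """Constructed sample tree: one benign page and one page that calls eval()."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "uploads"))
    with open(os.path.join(root, "index.jsp"), "w") as fh:
        fh.write("<h1>Report</h1>\n<% evaluate(score); %>\n")
    with open(os.path.join(root, "uploads", "img.JSP"), "w") as fh:
        fh.write("<%-- constructed placeholder --%>\n<% eval (PLACEHOLDER); %>\n")
    return root


if __name__ == "__main__":
    for f in scan_webroot(build_sample_webroot()):
        print(f["mtime_utc"], f["sha256"][:16], f["path"], "lines", f["lines"])
```

Compare the reported hashes and modification times against a known-good deployment or backup to spot the additional unauthorized changes; file timestamps alone can be altered, so corroborate them with web server and upload logs.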