Title:Suspicious File Write to Webapps Root Directory Status:experimental Description:Detects suspicious file writes to the root directory of web applications, particularly Apache web servers or Tomcat servers.
This may indicate an attempt to deploy malicious files such as web shells or other unauthorized scripts.
References: -https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/ Author: Swachchhanda Shrawan Poudel (Nextron Systems) Date: 2025-10-20 modified:None Tags: