← Back to Explore
sigmahighHunting
Shellshock Expression
Detects shellshock expressions in log files
Detection Query
keywords:
- (){:;};
- () {:;};
- () { :;};
- () { :; };
condition: keywords
Author
Florian Roth (Nextron Systems)
Created
2017-03-14
Data Sources
linux
Platforms
linux
Tags
attack.persistenceattack.t1505.003
Raw Content
title: Shellshock Expression
id: c67e0c98-4d39-46ee-8f6b-437ebf6b950e
status: test
description: Detects shellshock expressions in log files
references:
- https://owasp.org/www-pdf-archive/Shellshock_-_Tudor_Enache.pdf
author: Florian Roth (Nextron Systems)
date: 2017-03-14
modified: 2022-10-09
tags:
- attack.persistence
- attack.t1505.003
logsource:
product: linux
detection:
keywords:
- '(){:;};'
- '() {:;};'
- '() { :;};'
- '() { :; };'
condition: keywords
falsepositives:
- Unknown
level: high