MALWARE-BACKDOOR -- Snort has detected suspicious communication traffic unrelated to commands, such as exfiltration of data from the infected machine, especially larger chunks of data.
MALWARE-BACKDOOR Php.Malware.Matamu inbound connection attempt
This rule detects a parameter name in the HTTP GET request.
The rule detects an attacker's request to interact with the Matamu webshell present on a compromised server.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
Tactic: Command and Control
Technique: Standard Application Layer Protocol
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org