misc_shells in www.dctel.net

On 2019-01-20T15:27:18.850853+00:00 we found suspicious pattern misc_shells, type: Indicator of compromise, in the page http://www.dctel.net/bn/adjs.php?n=7593… referenced from http://www.top.zp.ua/ .

The suspicious code sample:

b'file_get_contents('

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!