Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER IIS ISN BackDoor Command GetLog"; flow:established,to_server; http.uri; content:"isn_getlog"; nocase; fast_pattern; pcre:"/[?&]isn_getlog/i"; reference:url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html; classtype:trojan-activity; sid:2017820; rev:7; metadata:created_at 2013_12_10, signature_severity Major, updated_at 2020_09_22;)