Versions (2)
Version DetailsCurrent
Rev: 8 • Dec 10, 2013, 12:00 PMET WEB_SERVER IIS ISN BackDoor Command Get Logpath
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER IIS ISN BackDoor Command Get Logpath"; flow:established,to_server; http.uri; content:"isn_logpath"; nocase; fast_pattern; pcre:"/[?&]isn_logpath/i"; reference:url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html; classtype:trojan-activity; sid:2017822; rev:8; metadata:created_at 2013_12_10, signature_severity Major, updated_at 2020_10_01;)
Dec 10, 2013, 12:00 PM
Oct 1, 2020, 12:00 PM
Dec 10, 2013, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-web_server.rules