Rule History

SID: 2018370 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 6 • Apr 7, 2014, 12:00 PM

ET WEB_SERVER ATTACKER WebShell - Zehir4.asp

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ATTACKER WebShell - Zehir4.asp"; flow:established,to_server; http.uri; content:".asp?mevla=1"; nocase; fast_pattern; reference:url,pastebin.com/m44e60e60; reference:url,www.fidelissecurity.com/webfm_send/377; classtype:web-application-attack; sid:2018370; rev:6; metadata:created_at 2014_04_07, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_23;)

Apr 7, 2014, 12:00 PM

Sep 23, 2020, 12:00 PM

Sep 21, 2024, 3:00 AM

Oct 22, 2025, 9:34 PM

rules/emerging-web_server.rules