Versions (3)
Version DetailsCurrent
Rev: 3 • Feb 24, 2015, 12:00 PMET WEB_SERVER ATTACKER WebShell - Weevely - Cookie
alert http any any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER ATTACKER WebShell - Weevely - Cookie"; flow:established,to_server; http.header; content:"ing|3a| identity|0D 0A|Host|3a|"; http.cookie; content:"SESS="; content:"|3B| SID="; distance:0; content:"|3B| PREF="; distance:0; content:"|3B|SSID="; distance:0; classtype:trojan-activity; sid:2020557; rev:3; metadata:created_at 2015_02_24, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_15;)
Feb 24, 2015, 12:00 PM
May 15, 2020, 12:00 PM
Feb 24, 2015, 12:00 PM
Oct 21, 2025, 10:35 PM
rules/emerging-web_server.rules