Rule History

alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"ET SCAN MySQL Malicious Scanning 1"; flow:to_server; content:"|00 03|"; offset:3; depth:2; content:"GRANT ALTER, ALTER ROUTINE"; distance:0; nocase; within:30; content:"TO root@% WITH"; fast_pattern; reference:url,isc.sans.edu/diary/Quick+Analysis+of+a+Recent+MySQL+Exploit/20781; classtype:bad-unknown; sid:2022579; rev:2; metadata:created_at 2016_03_01, confidence Medium, signature_severity Major, updated_at 2019_10_08;)