Versions (3)
Version Details
Current
Rev: 2 • Oct 26, 2017, 12:00 PM
ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body"; flow:established,to_server; threshold:type limit, track by_src, seconds 3600, count 1; http.request_body; content:"wget"; nocase; content:"http"; nocase; within:11; classtype:web-application-attack; sid:2024930; rev:2; metadata:affected_product Apache_HTTP_server, attack_target Server, created_at 2017_10_26, deployment Datacenter, malware_family webshell, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2023_06_06;)
Oct 26, 2017, 12:00 PM
Jun 6, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-web_server.rules