Versions (4)
Version DetailsCurrent
Rev: 3 • Jul 16, 2018, 12:00 PMET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 3
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 3"; flow:established,to_server; content:"base64"; fast_pattern; content:"/RU"; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})/R"; classtype:attempted-user; sid:2025718; rev:3; metadata:affected_product Linux, attack_target Web_Server, created_at 2018_07_16, deployment Datacenter, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Jul 16, 2018, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-web_specific_apps.rules