Versions (3)
Version DetailsCurrent
Rev: 4 • May 9, 2019, 12:00 PMET WEB_SERVER China Chopper WebShell Observed Outbound
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER China Chopper WebShell Observed Outbound"; flow:established,from_server; http.stat_code; content:"200"; file.data; content:"<%@|20|Page|20|Language=|22|Jscript|22|%><eval|28|Request.Item|5b|"; fast_pattern; content:"|22 29 3b|%>"; within:50; classtype:trojan-activity; sid:2027341; rev:4; metadata:created_at 2019_05_09, performance_impact Low, signature_severity Major, updated_at 2020_11_18;)
May 9, 2019, 12:00 PM
Nov 18, 2020, 12:00 PM
May 9, 2019, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-web_server.rules