Versions (3)
Version DetailsCurrent
Rev: 3 • Oct 9, 2020, 12:00 PMET INFO Lucy Security - Admin Panel Accessed on Internal Server
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET INFO Lucy Security - Admin Panel Accessed on Internal Server"; flow:established,to_client; file_data; content:"|20|system|2e|csrf|20 3d 20 22|"; content:"|22 3b 0a 20|"; distance:40; within:4; content:"|20|system|2e|baseUrl|20 3d 20 22|"; within:100; content:"|20|system|2e|uploadScnPDFUrl|20 3d 20 22|"; fast_pattern; within:2000; content:"|20|system|2e|uploadScnTplPDFUrl|20 3d 20 22|"; within:200; content:"|20|system|2e|appName|20 3d 20 22|"; within:200; reference:url,lucysecurity.com/; classtype:bad-unknown; sid:2030992; rev:3; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2020_10_09, deployment Perimeter, malware_family Lucy, performance_impact Low, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_26;)
Oct 9, 2020, 12:00 PM
Dec 26, 2023, 12:00 PM
Oct 9, 2020, 12:00 PM
Sep 15, 2025, 9:36 PM
rules/emerging-info.rules