Versions (5)
Version DetailsCurrent
Rev: 1 • Jul 7, 2021, 12:00 PMET EXPLOIT Unknown Command Injection Attempt Inbound (Possible Mirai Activity)
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Unknown Command Injection Attempt Inbound (Possible Mirai Activity)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/op_type="; startswith; fast_pattern; content:"|3b|"; reference:url,unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/; classtype:attempted-user; sid:2033272; rev:1; metadata:created_at 2021_07_07, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_07, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)
Jul 7, 2021, 12:00 PM
Jul 7, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 10, 2025, 9:34 PM
rules/emerging-exploit.rules