Rule History

alert http [$HOME_NET,$HTTP_SERVERS] any -> $EXTERNAL_NET any (msg:"ET MALWARE Generic PHP Backdoor CnC Response"; flow:established,to_client; flowbits:isset,ET.misc.phpbackdoor; http.response_body; content:"6a59bb58c6c03d5103d44f3b7e5ebf07"; fast_pattern; reference:url,bartbroere.eu/2023/12/31/php-backdoor-malware/; reference:url,seclists.org/snort/2024/q1/0; classtype:web-application-activity; sid:2049900; rev:1; metadata:affected_product Wordpress, attack_target Web_Server, created_at 2024_01_03, deployment Perimeter, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_03;)