THL Webshells-To-Cloud-Modular-Intrusion Suspicious mxx POST Parameter (Webshell Command Parameter Indicator)
Sourcehunters-ledger
Filehunters-ledger.rules
CreatedJuly 13, 2026
UpdatedJuly 13, 2026
Classificationweb-application-attack
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"THL Webshells-To-Cloud-Modular-Intrusion Suspicious mxx POST Parameter (Webshell Command Parameter Indicator)"; flow:established,to_server ; http.request_body; content:"mxx="; nocase; threshold:type limit,track by_src,count 1,seconds 3600 ; classtype:web-application-attack; sid:3500144; rev:2; metadata:author The_Hunters_Ledger, date 2025-10-20, reference https://the-hunters-ledger.com/hunting-detections/webshells-to-the-cloud-detections/ ;)
Metadata
authorThe_Hunters_Ledger
date2025-10-20
referencehttps://the-hunters-ledger.com/hunting-detections/webshells-to-the-cloud-detections/
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!