ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server

SID: 2011287Rev: 40 viewsHistory

Sourceet/open

CreatedSeptember 28, 2010

UpdatedSeptember 27, 2019

Classificationweb-application-attack

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET.GOOTKIT; flow:established,from_server; content:"<acc><login>"; nocase; content:"</login><pass>"; nocase; distance:0; content:"</pass><serv>"; nocase; distance:0; content:"</serv><port>21</port>"; nocase; distance:0; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; classtype:web-application-attack; sid:2011287; rev:4; metadata:created_at 2010_09_28, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_09_27;)

References

url	www.m86security.com/labs/i/GootKit--Automated-Website-Infection

Metadata

created at2010_09_28

signature severityUnknown

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_09_27

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!