ET WEB_SERVER IIS ISN BackDoor Command Delete Log

SID: 2017821Rev: 80 views
History
Sourceet/open
CreatedDecember 10, 2013
UpdatedOctober 1, 2020
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER IIS ISN BackDoor Command Delete Log"; flow:established,to_server; http.uri; content:"isn_logdel"; nocase; fast_pattern; pcre:"/[?&]isn_logdel/i"; reference:url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html; classtype:trojan-activity; sid:2017821; rev:8; metadata:created_at 2013_12_10, signature_severity Major, updated_at 2020_10_01;)

References

urlblog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html

Metadata

created at2013_12_10
signature severityMajor
updated at2020_10_01

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!