ET WEB_SERVER HTTP Request to a *.e5b57288.com domain - Anuna Checkin - Compromised PHP Site - Suricata Rule 2023233 (et/open)

ET WEB_SERVER HTTP Request to a *.e5b57288.com domain - Anuna Checkin - Compromised PHP Site

SID: 2023233Rev: 40 views

Sourceet/open

CreatedSeptember 15, 2016

UpdatedOctober 13, 2020

Classificationbad-unknown

alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER HTTP Request to a *.e5b57288.com domain - Anuna Checkin - Compromised PHP Site"; flow:to_server,established; http.header; content:"e5b57288.com"; fast_pattern; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:bad-unknown; sid:2023233; rev:4; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, created_at 2016_09_15, deployment Datacenter, signature_severity Critical, updated_at 2020_10_13;)

References

url	www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2
url	security.stackexchange.com/questions/47253/hacked-site-encrypted-code

Metadata

affected productPHP

attack targetWeb_Server

created at2016_09_15

deploymentDatacenter

signature severityCritical

updated at2020_10_13

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!