ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body - Suricata Rule 2024930 (et/open)

ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body

SID: 2024930Rev: 20 viewsHistory

Sourceet/open

CreatedOctober 26, 2017

UpdatedJune 6, 2023

Classificationweb-application-attack

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body"; flow:established,to_server; threshold:type limit, track by_src, seconds 3600, count 1; http.request_body; content:"wget"; nocase; content:"http"; nocase; within:11; classtype:web-application-attack; sid:2024930; rev:2; metadata:affected_product Apache_HTTP_server, attack_target Server, created_at 2017_10_26, deployment Datacenter, malware_family webshell, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2023_06_06;)

Metadata

affected productApache_HTTP_server

attack targetServer

created at2017_10_26

deploymentDatacenter

malware familywebshell

performance impactModerate

confidenceMedium

signature severityMajor

updated at2023_06_06

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!