ET MALWARE Possibly SLIGHTPULSE Related - Suspicious POST to Specific URI Path - Suricata Rule 2032787 (et/open)

ET MALWARE Possibly SLIGHTPULSE Related - Suspicious POST to Specific URI Path

SID: 2032787Rev: 10 viewsHistory

Sourceet/open

CreatedApril 20, 2021

UpdatedApril 20, 2021

Classificationattempted-admin

alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET MALWARE Possibly SLIGHTPULSE Related - Suspicious POST to Specific URI Path"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"meeting_testjs.cgi"; fast_pattern; reference:url,www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html; classtype:attempted-admin; sid:2032787; rev:1; metadata:created_at 2021_04_20, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_04_20;)

References

url	www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

Metadata

created at2021_04_20

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_04_20

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!