ET EXPLOIT Unknown Command Injection Attempt Inbound (Possible Mirai Activity)

SID: 2033272Rev: 10 views
History
Sourceet/open
CreatedJuly 7, 2021
UpdatedJuly 7, 2021
Classificationattempted-user
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Unknown Command Injection Attempt Inbound (Possible Mirai Activity)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/op_type="; startswith; fast_pattern; content:"|3b|"; reference:url,unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/; classtype:attempted-user; sid:2033272; rev:1; metadata:created_at 2021_07_07, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_07, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)

References

urlunit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/

Metadata

created at2021_07_07
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2021_07_07
mitre tactic idTA0008
mitre tactic nameLateral_Movement
mitre technique idT1210
mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!