alert http any any -> [$HTTP_SERVERS,$HOME_NET] any (msg:"ET EXPLOIT Archeevo 5.0 - Local File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/error?StatusCode=404&file="; fast_pattern; content:!"~/FileNotFoundPage.html"; within:23; reference:url,www.exploit-db.com/exploits/50665; reference:url,cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers; reference:url,miguelsantareno.github.io/MoD_1.pdf; classtype:attempted-admin; sid:2036740; rev:2; metadata:affected_product Wordpress_Plugins, attack_target Server, created_at 2022_06_01, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag LFI, tag RFI, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_06_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)