ET ATTACK_RESPONSE Possible WebShell Upload Attempt via Directory Traversal M2

SID: 2038638Rev: 10 views
History
Sourceet/open
CreatedAugust 29, 2022
UpdatedAugust 29, 2022
Classificationattempted-admin
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET ATTACK_RESPONSE Possible WebShell Upload Attempt via Directory Traversal M2"; flow:to_server,established; http.method; content:"POST"; http.request_body; content:"./"; content:"filename|22|"; fast_pattern; pcre:"/^.{1,5}\x22[^\x22]+(\.{1,2}\/)+(\w+\/?)+\.(jsp|aspx?|php)\x22/R"; classtype:attempted-admin; sid:2038638; rev:1; metadata:created_at 2022_08_29, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_08_29, mitre_tactic_id TA0003, mitre_tactic_name Persistence, mitre_technique_id T1505, mitre_technique_name Server_Software_Component; target:dest_ip;)

Metadata

created at2022_08_29
deploymentInternal
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_08_29
mitre tactic idTA0003
mitre tactic namePersistence
mitre technique idT1505
mitre technique nameServer_Software_Component

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!