ET MALWARE Suspected NginxSpy Related Request (Inbound)

SID: 2044122Rev: 18 views
History
Sourceet/open
CreatedFebruary 6, 2023
UpdatedFebruary 6, 2023
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Suspected NginxSpy Related Request (Inbound)"; flow:established,to_server; flowbits:set,ET.nginxspy; http.request_line; content:"GET / HTTP/1.0"; http.user_agent; content:"360|20|Safe|20|Browser|20|2.0"; bsize:20; fast_pattern; reference:url,jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_2_4_peter-jr-wei_en.pdf; classtype:trojan-activity; sid:2044122; rev:1; metadata:attack_target Web_Server, created_at 2023_02_06, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_02_06; target:dest_ip;)

References

urljsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_2_4_peter-jr-wei_en.pdf

Metadata

attack targetWeb_Server
created at2023_02_06
deploymentPerimeter
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_02_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!