ET RETIRED IIS-Raid Module Backdoor Default Headers in HTTP Request

SID: 2045225Rev: 21 views
History
Sourceet/open
CreatedApril 27, 2023
UpdatedApril 17, 2025
Classificationtrojan-activity
alert http any any -> $HOME_NET any (msg:"ET RETIRED IIS-Raid Module Backdoor Default Headers in HTTP Request"; flow:established,to_server; http.header; content:"X-Chrome-Variations|3a 20|"; fast_pattern; content:"X-Password|3a 20|"; reference:url,github.com/0x09AL/IIS-Raid; classtype:trojan-activity; sid:2045225; rev:2; metadata:affected_product Microsoft_IIS, attack_target Web_Server, created_at 2023_04_27, deployment Perimeter, deployment Internal, deployment SSLDecrypt, former_category MALWARE, performance_impact Low, confidence High, signature_severity Major, updated_at 2025_04_17, reviewed_at 2025_04_17;)

References

urlgithub.com/0x09AL/IIS-Raid

Metadata

affected productMicrosoft_IIS
attack targetWeb_Server
created at2023_04_27
deploymentSSLDecrypt
former categoryMALWARE
performance impactLow
confidenceHigh
signature severityMajor
updated at2025_04_17
reviewed at2025_04_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!