ET WEB_SERVER Generic Webshell Activity (POST)
Sourceet/open
CreatedOctober 27, 2023
UpdatedOctober 27, 2023
Classificationweb-application-attack
alert http $HOME_NET any -> any any (msg:"ET WEB_SERVER Generic Webshell Activity (POST)"; flow:established,to_client; file.data; content:"<html><head><meta http-equiv=|27|Content-Type|27 20|content=|27|text/html"; content:"charset="; distance:0; content:"><title>"; distance:0; content:"|20|-|20|WSO|20|"; within:50; fast_pattern; reference:md5,eda02ae6dd7d0fe841653f5e6a69d17e; classtype:web-application-attack; sid:2048923; rev:1; metadata:attack_target Web_Server, created_at 2023_10_27, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_10_27, reviewed_at 2023_10_27; target:src_ip;)
References
| md5 | eda02ae6dd7d0fe841653f5e6a69d17e |
Metadata
attack targetWeb_Server
created at2023_10_27
deploymentPerimeter
performance impactLow
confidenceMedium
signature severityCritical
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_10_27
reviewed at2023_10_27
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!