ET MALWARE Perl CGI Web Shell (DSAUTOKEN) Activity Observed Inbound

SID: 2061885
Rev: 1
Source: et/open
Created: April 25, 2025
Updated: April 25, 2025
Classification: trojan-activity
alert http any any -> $HOME_NET any (msg:"ET MALWARE Perl CGI Web Shell (DSAUTOKEN) Activity Observed Inbound"; flow:established,to_server; http.uri; content:"data|3d|"; http.cookie; content:"DSAUTOKEN|3d|af95380019083db5"; fast_pattern; reference:url,blogs.jpcert.or.jp/en/2025/04/dslogdrat.html; classtype:trojan-activity; sid:2061885; rev:1; metadata:affected_product Ivanti, attack_target Server, created_at 2025_04_25, deployment Perimeter, deployment Internet, confidence High, signature_severity Major, updated_at 2025_04_25, mitre_tactic_id TA0003, mitre_tactic_name Persistence, mitre_technique_id T1505, mitre_technique_name Server_Software_Component; target:dest_ip;)

Metadata

affected product: Ivanti
attack target: Server
created at: 2025_04_25
deployment: Internet
confidence: High
signature severity: Major
updated at: 2025_04_25
mitre tactic id: TA0003
mitre tactic name: Persistence
mitre technique id: T1505
mitre technique name: Server_Software_Component
