SCAN [PTsecurity] Neutrino shell probing die(md5(

SID: 10003766Rev: 20 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-recon
alert http any any -> any any (msg:"SCAN [PTsecurity] Neutrino shell probing die(md5("; flow:established, to_server; content:"die(md5("; isdataat:!20, relative; threshold:type limit, track by_src, seconds 300, count 1; reference:url, github.com/ptresearch/AttackDetection; classtype:attempted-recon; sid:10003766; rev:2;)

References

urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!