TGI HUNT Suspicious Strings Inbound (RealCMD webshell)

SID: 2610847Rev: 124 views
History
Sourcetgreen/hunting
CreatedMarch 19, 2025
UpdatedMarch 19, 2025
Classificationbad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"TGI HUNT Suspicious Strings Inbound (RealCMD webshell)"; flow:established; content:"runCmd"; content:"RealCMD"; content:"buildJson"; content:"Encrypt"; classtype:bad-unknown; sid:2610847; rev:1;)

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!