TGI HUNT Suspicious String Inbound (msf phpshell)

SID: 2610863Rev: 151 views
History
Sourcetgreen/hunting
CreatedMarch 19, 2025
UpdatedMarch 19, 2025
Classificationbad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"TGI HUNT Suspicious String Inbound (msf phpshell)"; flow:established; content:"Lyo8P3BocCAvKiovIGVycm9yX3JlcG9ydGluZygwKTsgJGlw"; reference:url,travisgreen.net/updates/20240123; reference:url,github.com/rapid7/metasploit-framework/blob/ef8f8bc8d36a9a4df0c544b26eb1c20368244ca6/lib/msf/core/payload/php/reverse_tcp.rb#L51; classtype:bad-unknown; sid:2610863; rev:1;)

References

urltravisgreen.net/updates/20240123
urlgithub.com/rapid7/metasploit-framework/blob/ef8f8bc8d36a9a4df0c544b26eb1c20368244ca6/lib/msf/core/payload/php/reverse_tcp.rb#L51

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!