ET WEB_SERVER ATTACKER WebShell - Weevely - Cookie

7.0.35.0SID: 2020557Rev: 4Enabled3 views
Sourceet/open
Fileemerging-web_server.rules
CreatedFebruary 24, 2015
UpdatedApril 7, 2024
Classificationtrojan-activity
alert http any any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER ATTACKER WebShell - Weevely - Cookie"; flow:established,to_server; http.header; content:"ing|3a 20|identity"; http.cookie; content:"SESS="; content:"|3B 20|SID="; distance:0; content:"|3B 20|PREF="; distance:0; content:"|3B|SSID="; fast_pattern; distance:0; classtype:trojan-activity; sid:2020557; rev:4; metadata:created_at 2015_02_24, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_07;)

Metadata

created at2015_02_24
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_07

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!