ET WEB_SERVER China Chopper WebShell Observed Outbound
Sourceet/open
Fileemerging-web_server.rules
CreatedMay 29, 2019
UpdatedMarch 7, 2024
Classificationtrojan-activity
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER China Chopper WebShell Observed Outbound"; flow:established,to_client ; http.stat_code; content:"200"; file.data; content:"|3c 25 40 20|Page|20|Language=|22|Jscript|22 25 3e 3c 25|eval|28|"; fast_pattern; content:"FromBase64String"; distance:0; nocase; content:"|25 3e|"; distance:0; classtype:trojan-activity; sid:2027393; rev:3; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2019_05_29, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2024_03_07;)
Metadata
affected productWeb_Server_Applications
attack targetServer
created at2019_05_29
deploymentPerimeter
performance impactLow
signature severityMajor
updated at2024_03_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!