ET HUNTING ysoserial.NET Payload in HTTP Header (Spring1/Spring2) M1

7.0.35.0SID: 2033545Rev: 2Enabled3 views
Sourceet/open
Fileemerging-hunting.rules
CreatedJuly 28, 2021
UpdatedJune 4, 2026
Classificationattempted-admin
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET HUNTING ysoserial.NET Payload in HTTP Header (Spring1/Spring2) M1"; flow:established,to_server; http.header; content:"//68AMYDAAAFAHMAcgAAAEkAbwByAGcALgBzAHAAcgBpAG4AZwBmAHIAYQBtAGUAdwBvAHIAawAuAGMAbwByAGUALgBTAGUA"; fast_pattern; classtype:attempted-admin; sid:2033545; rev:2; metadata:attack_target Server, created_at 2021_07_28, deployment Perimeter, deployment Internal, former_category EXPLOIT, malware_family ysoserial, confidence High, signature_severity Major, tag Exploit, tag possible_exploitation, updated_at 2026_06_04, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

Metadata

attack targetServer
created at2021_07_28
deploymentInternal
former categoryEXPLOIT
malware familyysoserial
confidenceHigh
signature severityMajor
tagpossible_exploitation
updated at2026_06_04
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!