ET HUNTING Possible cs2nginx Proxy Redirect
Sourceet/open
Fileemerging-hunting.rules
CreatedJanuary 10, 2022
UpdatedApril 27, 2024
Classificationbad-unknown
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Possible cs2nginx Proxy Redirect"; flow:established,to_client ; http.stat_code; content:"302"; http.header; header_lowercase; content:"|0d 0a|server|3a 20|Server|0d 0a|referrer-policy|3a 20|no-referrer|0d 0a|"; fast_pattern; endswith; reference:url,github.com/threatexpress/cs2modrewrite/blob/d6516e153dfd2a19cc3fba6c26b948e2b0933708/cs2nginx.py ; reference:url,www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/ ; classtype:bad-unknown; sid:2034874; rev:5; metadata:attack_target Client_Endpoint, created_at 2022_01_10, deployment Perimeter, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_27;)
References
Metadata
attack targetClient_Endpoint
created at2022_01_10
deploymentPerimeter
confidenceMedium
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_27
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!