ET MALWARE Suspected NginxSpy Related Request (Inbound)

7.0.35.0SID: 2044122Rev: 3Enabled12 views
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 6, 2023
UpdatedApril 3, 2024
Classificationtrojan-activity
alert http1 $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Suspected NginxSpy Related Request (Inbound)"; flow:established,to_server; flowbits:set,ET.nginxspy; http.request_line; content:"GET / HTTP/1.0"; http.user_agent; bsize:20; content:"360|20|Safe|20|Browser|20|2.0"; fast_pattern; reference:url,jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_2_4_peter-jr-wei_en.pdf; classtype:trojan-activity; sid:2044122; rev:3; metadata:attack_target Web_Server, created_at 2023_02_06, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_03; target:dest_ip;)

Metadata

attack targetWeb_Server
created at2023_02_06
deploymentPerimeter
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_03

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!