ET HUNTING Suspicious HTTP Server Value in Response (Apache.)

7.0.35.0SID: 2049206Rev: 2Enabled6 views
Sourceet/open
Fileemerging-hunting.rules
CreatedNovember 15, 2023
UpdatedApril 27, 2024
Classificationmisc-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Suspicious HTTP Server Value in Response (Apache.)"; flow:established,to_client; http.server; bsize:7; content:"Apache|2e|"; fast_pattern; threshold:type limit,seconds 300,count 1,track by_src; reference:url,blog.fox-it.com/2023/11/15/the-spelling-police-searching-for-malicious-http-servers-by-identifying-typos-in-http-responses; classtype:misc-activity; sid:2049206; rev:2; metadata:attack_target Client_Endpoint, created_at 2023_11_15, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_27;)

Metadata

attack targetClient_Endpoint
created at2023_11_15
deploymentSSLDecrypt
confidenceMedium
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!