ET MALWARE Agrius Group Webshell Command Execution Attempt

7.0.35.0SID: 2049905Rev: 2Enabled16 views
Sourceet/open
Fileemerging-malware.rules
CreatedJanuary 3, 2024
UpdatedMarch 8, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Agrius Group Webshell Command Execution Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".aspx"; endswith; http.request_body; content:"&bkcm="; fast_pattern; content:"ErpF=Submit"; within:100; endswith; reference:url,unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/; classtype:trojan-activity; sid:2049905; rev:2; metadata:affected_product Microsoft_IIS, attack_target Web_Server, created_at 2024_01_03, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_03_08, reviewed_at 2025_07_14; target:dest_ip;)

Metadata

affected productMicrosoft_IIS
attack targetWeb_Server
created at2024_01_03
deploymentSSLDecrypt
performance impactLow
confidenceHigh
signature severityMajor
updated at2024_03_08
reviewed at2025_07_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!