# sid:2022348 rev:4 (current revision on this page).
# Alerts on an HTTP request from $EXTERNAL_NET to $HTTP_SERVERS whose URI contains the
# query string `.war?cmd=...&winurl=...&linurl=...`, which the msg and the reference URL
# attribute to a JSP backdoor shell.
# - The three http_uri content matches require the literals `.war?cmd=`, `&winurl=` and
#   `&linurl=`; `.war?cmd=` is the fast_pattern.
# - The pcre (/U, i.e. matched against the normalized URI) enforces the parameter order
#   and limits each value to the base64 alphabet: cmd must be non-empty, winurl and
#   linurl may be empty.
# - flow:established,to_server means only the request is inspected. An alert shows that a
#   request of this shape was sent to a server, not that the shell is present or replied;
#   check the HTTP response and the host before treating it as a confirmed compromise,
#   even though the classtype is successful-admin.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER WEBSHELL JSP/Backdoor Shell Access"; flow:established,to_server; content:".war?cmd="; http_uri; fast_pattern; content:"&winurl="; http_uri; content:"&linurl="; http_uri; pcre:"/\.war\?cmd=[a-zA-Z0-9+/=]+&winurl=[a-zA-Z0-9+/=]*&linurl=[a-zA-Z0-9+/=]*/U"; reference:url,blog.malwaremustdie.org/2016/01/mmd-0049-2016-case-of-java-trojan.html; classtype:successful-admin; sid:2022348; rev:4; metadata:created_at 2016_01_11, updated_at 2019_10_07;)

Added 2019-10-08 19:34:35 UTC


# sid:2022348 rev:3, with created_at/updated_at metadata attached.
# Same detection logic as the other rev:3 and rev:4 entries on this page: URI must contain
# `.war?cmd=`, `&winurl=` and `&linurl=`, and the pcre (/U, normalized URI) requires them
# in that order with base64-alphabet values (cmd non-empty).
# This revision marks the `.war?cmd=` content as `fast_pattern:only`, where rev:4 uses
# plain `fast_pattern`.
# Only the to_server side is inspected, so a hit is a request of this shape, not proof
# that a shell responded.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER WEBSHELL JSP/Backdoor Shell Access"; flow:established,to_server; content:".war?cmd="; http_uri; fast_pattern:only; content:"&winurl="; http_uri; content:"&linurl="; http_uri; pcre:"/\.war\?cmd=[a-zA-Z0-9+/=]+&winurl=[a-zA-Z0-9+/=]*&linurl=[a-zA-Z0-9+/=]*/U"; reference:url,blog.malwaremustdie.org/2016/01/mmd-0049-2016-case-of-java-trojan.html; classtype:successful-admin; sid:2022348; rev:3; metadata:created_at 2016_01_11, updated_at 2016_01_11;)

Added 2018-09-13 19:52:08 UTC


Added 2018-09-13 18:00:39 UTC


# sid:2022348 rev:3 as recorded on 2017-08-07; the rule text is the rev:3 body with
# created_at/updated_at metadata (both 2016_01_11).
# Matches a request URI of the form `.war?cmd=<b64>&winurl=<b64>&linurl=<b64>`: three
# http_uri content literals, then a pcre on the normalized URI (/U) that fixes their order
# and restricts the values to the base64 alphabet.
# flow:established,to_server limits inspection to the request, so an alert needs
# follow-up on the response and the server before it is treated as a compromise.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER WEBSHELL JSP/Backdoor Shell Access"; flow:established,to_server; content:".war?cmd="; http_uri; fast_pattern:only; content:"&winurl="; http_uri; content:"&linurl="; http_uri; pcre:"/\.war\?cmd=[a-zA-Z0-9+/=]+&winurl=[a-zA-Z0-9+/=]*&linurl=[a-zA-Z0-9+/=]*/U"; reference:url,blog.malwaremustdie.org/2016/01/mmd-0049-2016-case-of-java-trojan.html; classtype:successful-admin; sid:2022348; rev:3; metadata:created_at 2016_01_11, updated_at 2016_01_11;)

Added 2017-08-07 21:17:13 UTC


# sid:2022348 rev:3 as first published (no metadata keyword yet).
# Compared with the rev:2 entry on this page, the pcre now escapes the question mark
# (`\.war\?cmd=`), so it matches the literal `.war?cmd=` that the content match requires.
# The rule alerts on a request URI carrying `.war?cmd=`, `&winurl=` and `&linurl=` in that
# order, each value drawn from the base64 alphabet (cmd non-empty, the other two may be
# empty). Only the to_server direction is inspected.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER WEBSHELL JSP/Backdoor Shell Access"; flow:established,to_server; content:".war?cmd="; http_uri; fast_pattern:only; content:"&winurl="; http_uri; content:"&linurl="; http_uri; pcre:"/\.war\?cmd=[a-zA-Z0-9+/=]+&winurl=[a-zA-Z0-9+/=]*&linurl=[a-zA-Z0-9+/=]*/U"; reference:url,blog.malwaremustdie.org/2016/01/mmd-0049-2016-case-of-java-trojan.html; classtype:successful-admin; sid:2022348; rev:3;)

Added 2016-01-14 00:48:59 UTC


# sid:2022348 rev:2 (historical; superseded by the rev:3 and rev:4 entries on this page).
# NOTE(review): the pcre in this revision has an unescaped `?` in `\.war?cmd=`. In PCRE
# that makes the `r` optional, so the expression matches `.wacmd=` or `.warcmd=` rather
# than the literal `.war?cmd=` that the content match requires. A URI of the intended
# shape satisfies the content matches but not the pcre, so this revision would be
# expected to miss the traffic it targets. Later revisions escape it as `\?`.
# Do not deploy this revision; keep it only as a record of the change.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER WEBSHELL JSP/Backdoor Shell Access"; flow:established,to_server; content:".war?cmd="; http_uri; fast_pattern:only; content:"&winurl="; http_uri; content:"&linurl="; http_uri; pcre:"/\.war?cmd=[a-zA-Z0-9+/=]+&winurl=[a-zA-Z0-9+/=]*&linurl=[a-zA-Z0-9+/=]*/U"; reference:url,blog.malwaremustdie.org/2016/01/mmd-0049-2016-case-of-java-trojan.html; classtype:successful-admin; sid:2022348; rev:2;)

Added 2016-01-11 18:09:50 UTC

