alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET TROJAN Cknife Shell Command Struct Inbound (aspx)"; flow:to_server,established; content:"POST"; http_method; content:"Java"; http_user_agent; depth:4; content:"=Response.Write"; http_client_body; depth:18; fast_pattern; content:"eval"; http_client_body; distance:0; content:!"Referer|3a 20|"; http_header; reference:url,www.recordedfuture.com/web-shell-analysis-part-2; classtype:trojan-activity; sid:2022977; rev:3; metadata:attack_target Web_Server, deployment Datacenter, signature_severity Major, created_at 2016_07_20, performance_impact Low, updated_at 2019_10_24;)

Added 2019-10-24 19:38:13 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET TROJAN Cknife Shell Command Struct Inbound (aspx)"; flow:to_server,established; content:"POST"; http_method; content:"User-Agent|3a 20|Java"; http_header; depth:16; content:"=Response.Write"; http_client_body; depth:18; fast_pattern; content:"eval"; http_client_body; distance:0; content:!"Referer|3a 20|"; http_header; reference:url,www.recordedfuture.com/web-shell-analysis-part-2; classtype:trojan-activity; sid:2022977; rev:2; metadata:attack_target Web_Server, deployment Datacenter, signature_severity Major, created_at 2016_07_20, performance_impact Low, updated_at 2016_07_20;)

Added 2018-09-13 19:52:43 UTC


Added 2018-09-13 18:01:01 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET TROJAN Cknife Shell Command Struct Inbound (aspx)"; flow:to_server,established; content:"POST"; http_method; content:"User-Agent|3a 20|Java"; http_header; depth:16; content:"=Response.Write"; http_client_body; depth:18; fast_pattern; content:"eval"; http_client_body; distance:0; content:!"Referer|3a 20|"; http_header; reference:url,www.recordedfuture.com/web-shell-analysis-part-2; classtype:trojan-activity; sid:2022977; rev:2; metadata:attack_target Web_Server, deployment Datacenter, signature_severity Major, created_at 2016_07_20, performance_impact Low, updated_at 2016_07_20;)

Added 2017-08-07 21:18:00 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET TROJAN Cknife Shell Command Struct Inbound (aspx)"; flow:to_server,established; content:"POST"; http_method; content:"User-Agent|3a 20|Java"; http_header; depth:16; content:"=Response.Write"; http_client_body; depth:18; fast_pattern; content:"eval"; http_client_body; distance:0; content:!"Referer|3a 20|"; http_header; reference:url,www.recordedfuture.com/web-shell-analysis-part-2; classtype:trojan-activity; sid:2022977; rev:2;)

Added 2016-07-20 17:25:17 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET TROJAN Cknife Shell Command Struct Inbound (aspx)"; flow:to_server,established; content:"POST"; http_method; content:"User-Agent|3a 20|Java"; http_header; depth:16; content:"=Response.Write"; http_client_body; depth:18; fast_pattern; content:"eval"; http_client_body; distance:0; content:!"Referer|3a 20|"; http_header; reference:url,www.recordedfuture.com/web-shell-analysis-part-2; classtype:trojan-activity; sid:2022977; rev:2;)

Added 2016-07-20 17:24:09 UTC


Topic revision: r1 - 2019-10-24 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats