# Newest entry on this page; still rev:3 and commented out (leading '#'), so an engine
# will not load it unless the line is uncommented.
# Logic: client-to-server data on an established TCP session to ports 23, 2323, 3323 or 4323
# that contains "shell" as a whole word (pcre \b...\b), and only if flowbit ET.telnet.busybox
# is already set on the flow. No rule on this page sets that flowbit, so the rule that does
# must also be enabled or this one can never match.
# threshold: at most one alert per source IP per 30 seconds; further matches from the same
# source inside that window produce no alert.
# Differs from the earlier rev:3 entries below only by the added "metadata: former_category TELNET".
#alert tcp $EXTERNAL_NET any -> $HOME_NET [23,2323,3323,4323] (msg:"ET TELNET SUSPICIOUS busybox shell"; flow:to_server,established; content:"shell"; fast_pattern:only; pcre:"/\bshell\b/"; flowbits:isset,ET.telnet.busybox; threshold: type limit, count 1, track by_src, seconds 30; metadata: former_category TELNET; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2016-August/027524.html; classtype:attempted-admin; sid:2023017; rev:3; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2016_08_08, performance_impact Low, updated_at 2016_08_23;)

Added 2019-10-09 19:08:54 UTC


# rev:3, commented out (leading '#'). Compared with the rev:2 entries further down this page,
# "flowbits:set,ET.telnet.busybox.shell" has been dropped: this revision still requires
# ET.telnet.busybox to be set, but no longer sets a flowbit of its own on a match.
# Any local rule that tests ET.telnet.busybox.shell would therefore need another setter
# (none is shown on this page).
#alert tcp $EXTERNAL_NET any -> $HOME_NET [23,2323,3323,4323] (msg:"ET TELNET SUSPICIOUS busybox shell"; flow:to_server,established; content:"shell"; fast_pattern:only; pcre:"/\bshell\b/"; flowbits:isset,ET.telnet.busybox; threshold: type limit, count 1, track by_src, seconds 30; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2016-August/027524.html; classtype:attempted-admin; sid:2023017; rev:3; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2016_08_08, performance_impact Low, updated_at 2016_08_23;)

Added 2018-09-13 19:52:44 UTC


Added 2018-09-13 18:01:02 UTC


# rev:3, commented out; the page dates this entry 2017-11-01, the oldest rev:3 listed here.
# Coverage note: only destination ports 23, 2323, 3323 and 4323 are inspected, so telnet
# listeners on any other port are outside this rule's scope.
# content:"shell" is the fast-pattern (prefilter) string; the pcre /\bshell\b/ then requires
# "shell" to stand alone as a word rather than appear inside a longer token.
#alert tcp $EXTERNAL_NET any -> $HOME_NET [23,2323,3323,4323] (msg:"ET TELNET SUSPICIOUS busybox shell"; flow:to_server,established; content:"shell"; fast_pattern:only; pcre:"/\bshell\b/"; flowbits:isset,ET.telnet.busybox; threshold: type limit, count 1, track by_src, seconds 30; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2016-August/027524.html; classtype:attempted-admin; sid:2023017; rev:3; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2016_08_08, performance_impact Low, updated_at 2016_08_23;)

Added 2017-11-01 16:17:52 UTC


# rev:2 with the ET metadata block appended (page dates this entry 2017-08-07); active, not commented out.
# Two-stage use of flowbits: the rule only matches when ET.telnet.busybox is already set on the
# flow (the setter is a different rule, not shown on this page), and on a match it sets
# ET.telnet.busybox.shell for any rule that checks that bit.
# An alert means the word "shell" appeared in client-to-server data on such a flow; when triaging,
# correlate it with the event that set ET.telnet.busybox on the same session.
alert tcp $EXTERNAL_NET any -> $HOME_NET [23,2323,3323,4323] (msg:"ET TELNET SUSPICIOUS busybox shell"; flow:to_server,established; content:"shell"; fast_pattern:only; pcre:"/\bshell\b/"; flowbits:isset,ET.telnet.busybox; flowbits:set,ET.telnet.busybox.shell;threshold: type limit, count 1, track by_src, seconds 30; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2016-August/027524.html; classtype:attempted-admin; sid:2023017; rev:2; metadata:attack_target Server, deployment Datacenter, signature_severity Major, created_at 2016_08_08, performance_impact Low, updated_at 2016_08_23;)

Added 2017-08-07 21:18:03 UTC


# rev:2 without the metadata block (page dates this entry 2016-08-23).
# Change from rev:1 listed below: content:"shell|00|" became content:"shell" with
# fast_pattern:only plus pcre /\bshell\b/, so a NUL byte after "shell" is no longer required;
# the word only has to be delimited by word boundaries.
# Flowbit handling and the one-alert-per-source-per-30-seconds threshold are unchanged from rev:1.
alert tcp $EXTERNAL_NET any -> $HOME_NET [23,2323,3323,4323] (msg:"ET TELNET SUSPICIOUS busybox shell"; flow:to_server,established; content:"shell"; fast_pattern:only; pcre:"/\bshell\b/"; flowbits:isset,ET.telnet.busybox; flowbits:set,ET.telnet.busybox.shell;threshold: type limit, count 1, track by_src, seconds 30; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2016-August/027524.html; classtype:attempted-admin; sid:2023017; rev:2;)

Added 2016-08-23 19:12:48 UTC


# rev:1, the original form of the rule (page dates this entry 2016-08-08).
# Matches the literal bytes "shell" immediately followed by a NUL byte (|00| is hex notation)
# anywhere in client-to-server payload on an established session to ports 23, 2323, 3323 or 4323.
# Requires flowbit ET.telnet.busybox (set by a rule not shown on this page) and sets
# ET.telnet.busybox.shell on a match. Alerts are limited to one per source IP per 30 seconds.
alert tcp $EXTERNAL_NET any -> $HOME_NET [23,2323,3323,4323] (msg:"ET TELNET SUSPICIOUS busybox shell"; flow:to_server,established; content:"shell|00|"; flowbits:isset,ET.telnet.busybox; flowbits:set,ET.telnet.busybox.shell;threshold: type limit, count 1, track by_src, seconds 30; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2016-August/027524.html; classtype:attempted-admin; sid:2023017; rev:1;)

Added 2016-08-08 17:52:56 UTC


