#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 2"; flow:established,to_server; content:"base64"; fast_pattern; content:"9FT"; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})/R"; classtype:attempted-user; sid:2025717; rev:3; metadata:affected_product Linux, attack_target Web_Server, created_at 2018_07_16, deployment Datacenter, former_category WEB_SPECIFIC_APPS, updated_at 2018_07_16;)

Added 2022-05-19 19:06:46 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 2"; flow:established,to_server; content:"base64"; fast_pattern; content:"9FT"; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})/R"; classtype:attempted-user; sid:2025717; rev:2; metadata:affected_product Linux, attack_target Web_Server, created_at 2018_07_16, deployment Datacenter, former_category WEB_SPECIFIC_APPS, updated_at 2018_07_16;)

Added 2020-08-05 19:14:49 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 2"; flow:established,to_server; content:"base64"; fast_pattern; content:"9FT"; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})/R"; metadata: former_category WEB_SPECIFIC_APPS; classtype:attempted-user; sid:2025717; rev:2; metadata:affected_product Linux, attack_target Web_Server, deployment Datacenter, created_at 2018_07_16, updated_at 2018_07_16;)

Added 2018-09-13 19:54:46 UTC


Added 2018-09-13 18:02:13 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 2"; flow:established,to_server; content:"base64"; fast_pattern; content:"9FT"; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})/R"; metadata: former_category WEB_SPECIFIC_APPS; classtype:attempted-user; sid:2025717; rev:2; metadata:affected_product Linux, attack_target Web_Server, deployment Datacenter, created_at 2018_07_16, updated_at 2018_07_16;)

Added 2018-07-16 18:16:54 UTC


Topic revision: r1 - 2022-05-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats