""ET SHELLCODE Unescape Variable Unicode Shellcode""
SID: 2012535
Revision: 2
Class Type: shellcode-detect
Metadata: created_at 2011_03_22, performance_impact Significant, updated_at 2024_04_09
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "= unescape|28|"
-
Value: "|5C|u"
-
Value: "|5C|u"
Within: 6
PCRE: "/var\x20[a-z,0-9]{1,30}\x20\x3D\x20unescape\x28.\x5Cu[a-f,0-9]{2,4}\x5Cu[a-f,0-9]{2,4}/i"
Special Options:
-
nocase
-
nocase
-
nocase