""ET EXPLOIT SolusVM 1.13.03 Access to solusvmc-node setuid bin""
SID: 2017061
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2013_06_25, updated_at 2013_06_25
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: [5353,5656,80]
Flow: established,to_server
Contents:
-
Value: "POST " Depth: 5
-
Value: "solusvmc-node"
Within:
PCRE: "/\bsolusvmc-node\b/"
Special Options: