""ET WEB_SERVER WebShell Generic - ASP File Uploaded""

SID: 2017260

Revision: 10

Class Type: trojan-activity

Metadata: created_at 2013_07_31, updated_at 2013_07_31

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "|0D 0A|"

• Value: "<%"

• Value: "%>"

Within: 5

PCRE: "/<%[\x00-\x7f]{20}/P"

Special Options:

• http_client_body

• http_client_body

• fast_pattern

• http_client_body

source