"ET WEB_SERVER WebShell Generic - ASP File Uploaded"

SID: 2017260

Revision: 10

Class Type: trojan-activity

Metadata: created_at 2013_07_31, updated_at 2013_07_31

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "|0D 0A|"

  • Value: "<%"

  • Value: "%>"

Within: 5

PCRE: "/<%[\x00-\x7f]{20}/P"

Special Options:

  • http_client_body

  • http_client_body

  • fast_pattern

  • http_client_body
