""ET WEB_SERVER WebShell Generic - ASP File Uploaded""
SID: 2017260
Revision: 10
Class Type: trojan-activity
Metadata: created_at 2013_07_31, updated_at 2013_07_31
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "|0D 0A|"
-
Value: "<%"
-
Value: "%>"
Within: 5
PCRE: "/<%[\x00-\x7f]{20}/P"
Special Options:
-
http_client_body
-
http_client_body
-
fast_pattern
-
http_client_body