""ET WEB_SERVER IIS ISN BackDoor Command GetLog""
SID: 2017820
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2013_12_10, updated_at 2013_12_10
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "isn_getlog"
Within:
PCRE: "/[?&]isn_getlog/Ui"
Special Options:
-
http_uri
-
nocase