""ET WEB_SERVER ATTACKER WebShell - Weevely - Downloaded""
SID: 2020555
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2015_02_24, updated_at 2015_02_24
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HTTP_SERVERS
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "<?php|0A|$"
-
Value: "="
-
Value: " str_replace("
Within: 2
PCRE:
Special Options:
- file_data