""ET WEB_SERVER ATTACKER WebShell - Weevely - Cookie""
SID: 2020557
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2015_02_24, updated_at 2015_02_24
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "ing|3a| identity|0D 0A|Host|3a|"
-
Value: "SESS="
-
Value: "|3B| SID="
-
Value: "|3B| PREF="
-
Value: "|3B|SSID="
Within:
PCRE:
Special Options:
-
http_header
-
http_cookie
-
http_cookie
-
http_cookie
-
http_cookie