"ET SHELLCODE Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode"
SID: 2024058
Revision: 1
Class Type: shellcode-detect
Metadata: affected_product Linux, attack_target Client_and_Server, created_at 2017_03_15, deployment Perimeter, performance_impact Low, signature_severity Critical, updated_at 2017_03_15
Reference:
Protocol: ip
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow:
Contents:
- Value: "|31 ff 57 6a 69 58 48 bb 5e c4 d2 dc 5e 5e e6 d0 0f 05 48 d1 cb b0 3b 53 87 f7 54 99 5f 0f 05|"
Within:
PCRE:
Special Options: