""ET INFO Lucy Security - Admin Panel Accessed on Internal Server""
SID: 2030992
Revision: 3
Class Type: bad-unknown
Metadata: affected_product Web_Server_Applications, attack_target Web_Server, created_at 2020_10_09, deployment Perimeter, malware_family Lucy, performance_impact Low, confidence High, signature_severity Informational, updated_at 2023_12_26
Reference:
Protocol: tcp
Source Network: $HTTP_SERVERS
Source Port: $HTTP_PORTS
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|20|system|2e|csrf|20 3d 20 22|"
-
Value: "|22 3b 0a 20|"
-
Value: "|20|system|2e|baseUrl|20 3d 20 22|"
-
Value: "|20|system|2e|uploadScnPDFUrl|20 3d 20 22|"
-
Value: "|20|system|2e|uploadScnTplPDFUrl|20 3d 20 22|"
-
Value: "|20|system|2e|appName|20 3d 20 22|"
Within: 200
PCRE:
Special Options:
-
file_data
-
fast_pattern