Et rule 2044122 - Magic-SigExplorer

SID: 2044122

Revision: 1

Class Type: trojan-activity

Metadata: attack_target Web_Server, created_at 2023_02_06, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2023_02_06

Reference:

Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_server

Contents:

Value: "GET / HTTP/1.0"
Value: "User-Agent|3a 20|360|20|Safe|20|Browser|20|2.0|0d 0a|"

Within:

PCRE:

Special Options:

http_header

source

""ET TROJAN Suspected NginxSpy Related Request (Inbound)""