""ET TROJAN Possible UPSTYLE Payload Retrieval Attempt""
SID: 2052025
Revision: 1
Class Type: trojan-activity
Metadata: affected_product Palo_Alto_Networks, attack_target Networking_Equipment, tls_state TLSDecrypt, created_at 2024_04_12, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_04_12
Reference:
-
md5
-
0c1554888ce9ed0da1583dbdf7b31651
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "200"
-
Value: "systempth|20 3d 20 22|/usr/lib/python3.6/site-packages/system.pth|22|"
-
Value: "import base64|3b|exec|28|base64.b64decode"
-
Value: "|22|/opt/pancfg/mgmt/licenses/PA_VM|60 2a 22|"
Within: 100
PCRE:
Special Options:
-
http_stat_code
-
file_data