冰蝎动态二进制加密WebShell基于流量侧检测方案

    alert http any any -> any any(msg:”MALWARE-BACKDOOR Behinder webshell online detected”; flow:established,to_client; pcre: “/[^/w/s>][/w]{2}[^/w/s>][a-zA-Z/d]{2}/”;content: “200 OK”; content: “Content-Type: text/html”;flowbits: isset, bx_first_post_req; classtype:web-attack; sid:3000025; rev:1;metadata:created_at 2019_11_20, updated_at 2019_11_20;)
    alert http any any -> any any(msg:”MALWARE-BACKDOOR Behinder webshell-jspx online”; flow:established,to_server; pcre:”//r/n/r/n[a-zA-Z/d/+//]{10,}//[a-zA-Z/d//]{50}/”; content:”Content-Type: application/octet-stream”; fast_pattern; flowbits:isset, bx_second_get_resp; flowbits: set, bx_req_jspx; noalert;classtype:web-attack; sid:3000026; rev:1; metadata:created_at 2019_11_20,updated_at 2019_11_20;)
    alert http any any -> any any(msg:”MALWARE-BACKDOOR Behinder webshell-jspx online”; flow:established,to_client; pcre:”/[^/w/s>pattern; flowbits: isset, bx_req_jspx; classtype:web-attack; sid:3000027;rev:1; metadata:created_at 2019_11_20, updated_at 2019_11_20;)
 

上一页  [1] [2] [3] 

 3/4   首页 上一页 1 2 3 4 下一页 尾页