alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; classtype:web-application-activity; sid:2003535; rev:8; metadata:created_at 2010_07_30, updated_at 2019_09_27;) Added 2019-09-27 18:52:01 UTC
alert http $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; classtype:web-application-activity; sid:2003535; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;) Added 2018-09-13 19:38:52 UTC
Added 2018-09-13 17:53:18 UTC
alert http $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; classtype:web-application-activity; sid:2003535; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;) Added 2017-08-07 20:56:47 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE r57 phpshell footer detected"; flow:established,from_server; file_data; content:"r57shell - http-shell by RST/GHC"; fast_pattern:only; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; classtype:web-application-activity; sid:2003535; rev:8;) Added 2011-10-12 19:13:38 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE r57 phpshell footer detected"; flow:established,from_server; file_data; content:"r57shell - http-shell by RST/GHC"; fast_pattern:only; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; sid:2003535; rev:8;) Added 2011-09-14 22:26:38 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE r57 phpshell footer detected"; flow:established,from_server; file_data; content:"r57shell - http-shell by RST/GHC"; fast_pattern:only; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells; sid:2003535; rev:8;) Added 2011-02-04 17:22:32 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells; sid:2003535; rev:6;) Added 2010-06-15 13:15:59 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells; sid:2003535; rev:6;) Added 2010-06-15 13:15:59 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells; sid:2003535; rev:5;) Added 2009-02-06 19:00:55 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; reference:url,doc.emergingthreats.net/bin/view/Main/2003535; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells; sid:2003535; rev:5;) Added 2009-02-06 19:00:55 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; sid:2003535; rev:4;) Added 2008-05-18 19:52:13 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ET ATTACK RESPONSE r57 phpshell footer detected"; flow:established,from_server; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; sid:2003535; rev:4;) Added 2008-05-18 19:52:13 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"ET ATTACK RESPONSE r57 phpshell footer detected"; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; sid:2003535; rev:2;) Added 2008-01-23 10:46:28 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"ET ATTACK RESPONSE r57 phpshell footer detected"; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; sid:2003535; rev:2;) Added 2008-01-23 10:46:27 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"BLEEDING-EDGE ATTACK RESPONSE r57 phpshell footer detected"; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; sid:2003535; rev:1;) Added 2007-11-02 00:32:08 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"BLEEDING-EDGE ATTACK RESPONSE r57 phpshell footer detected"; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; sid:2003535; rev:1;) Added 2007-11-02 00:32:08 UTC
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"BLEEDING-EDGE ATTACK RESPONSE r57 phpshell footer detected"; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; sid:2003535; rev:1;) Added 2007-04-05 11:00:40 UTC fixed a doubled quote in the msg -- MattJonkman - 05 Apr 2007
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:""BLEEDING-EDGE ATTACK RESPONSE r57 phpshell footer detected"; content:"r57shell - http-shell by RST/GHC"; classtype:web-application-activity; reference:url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755; sid:2003535; rev:1;) Added 2007-04-05 10:15:20 UTC By Cees Elzinga -- MattJonkman - 05 Apr 2007 Reference sister rule: http://doc.bleedingthreats.net/bin/view/Main/2003536 -- MattJonkman - 05 Apr 2007 R57shell is a russian php shell, but an english translation is built-in. The shell has all kinds of functionality, including:
- Executing shell commands
- Editing files
- Executing php code
- Sending e-mail
- Installing a backdoor
- Simple ftp brute forcer
- And so on...
Topic revision: r5 - 2007-04-05 - CeesElzinga
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats