alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"AutoIt"; http_user_agent; depth:6; flowbits:set,ET.autoit.ua; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; classtype:policy-violation; sid:2008350; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"User-Agent|3a| AutoIt?"; http_header; flowbits:set,ET.autoit.ua; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; classtype:policy-violation; sid:2008350; rev:6;)

Added 2013-12-23 17:29:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"User-Agent|3a| AutoIt?"; http_header; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; classtype:policy-violation; sid:2008350; rev:5;)

Added 2011-10-12 19:24:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"User-Agent|3a| AutoIt?"; http_header; classtype:policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; sid:2008350; rev:5;)

Added 2011-09-14 22:38:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"User-Agent|3a| AutoIt?"; http_header; classtype:policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Autoit; sid:2008350; rev:5;)

Added 2011-02-04 17:27:30 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"|0d 0a|User-Agent\: AutoIt?"; classtype:policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Autoit; sid:2008350; rev:3;)

Added 2009-06-26 11:31:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"|0d 0a|User-Agent\: AutoIt?"; classtype:policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Autoit; sid:2008350; rev:3;)

Added 2009-06-26 11:31:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"|0d 0a|User-Agent\: AutoIt? v"; classtype:policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Autoit; sid:2008350; rev:2;)

Added 2009-02-10 20:53:04 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"|0d 0a|User-Agent\: AutoIt? v"; classtype:policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2008350; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Autoit; sid:2008350; rev:2;)

Added 2009-02-10 20:53:04 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile"; flow:established,to_server; content:"|0d 0a|User-Agent\: AutoIt? v"; classtype:policy-violation; sid:2008350; rev:1;)

Added 2008-06-26 11:14:59 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats