EmergingThreats> Main Web>2011128 (2018-02-01, TWikiGuest) EditAttach

#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; classtype:trojan-activity; sid:2011128; rev:4; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2018-02-01 17:11:35 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; classtype:trojan-activity; sid:2011128; rev:4; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:04:17 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; classtype:trojan-activity; sid:2011128; rev:2;)

Added 2011-10-12 19:31:23 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; classtype:trojan-activity; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; sid:2011128; rev:2;)

Added 2011-09-14 22:44:35 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; classtype:trojan-activity; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Eleaonore; sid:2011128; rev:2;)

Added 2011-02-04 17:30:53 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; uricontent:".php?spl="; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; classtype:trojan-activity; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248;reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Eleaonore; sid:2011128; rev:1;)

Added 2010-05-20 10:46:05 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; uricontent:".php?spl="; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; classtype:trojan-activity; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248;reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Eleaonore; sid:2011128; rev:1;)

Added 2010-05-20 10:43:59 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2018-02-01 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats