#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; classtype:trojan-activity; sid:2011128; rev:4; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2018-02-01 17:11:35 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; classtype:trojan-activity; sid:2011128; rev:4; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2017-08-07 21:04:17 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; classtype:trojan-activity; sid:2011128; rev:2;)
Added 2011-10-12 19:31:23 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; classtype:trojan-activity; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; sid:2011128; rev:2;)
Added 2011-09-14 22:44:35 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; content:".php?spl="; http_uri; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; classtype:trojan-activity; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Eleaonore; sid:2011128; rev:2;)
Added 2011-02-04 17:30:53 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; uricontent:".php?spl="; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; classtype:trojan-activity; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248;reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Eleaonore; sid:2011128; rev:1;)
Added 2010-05-20 10:46:05 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Eleonore Exploit Pack activity variant May 2010"; flow:established,to_server; uricontent:".php?spl="; pcre:"/\?spl=MS[0-9]{2}-[0-9]{3}$/U"; classtype:trojan-activity; reference:url,www.offensivecomputing.net/?q=node/1419; reference:url,doc.emergingthreats.net/2010248;reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Eleaonore; sid:2011128; rev:1;)
Added 2010-05-20 10:43:59 UTC