# Current revision (rev 6). Flags an HTTP 200 response whose body contains the
# percent-escaped bytes for "//:ptth", which is "http://" written backwards:
# a URL that a script would have to unescape and reverse before using it.
# - content:"200"; http_stat_code;  limits the rule to responses with status 200.
# - file_data;  makes the content match that follows run against the response
#   body rather than the raw packet payload.
# - The pattern is an exact, case-sensitive byte string (no nocase), so the same
#   escapes written with lowercase hex digits (%2f, %3a) are outside its coverage.
# - classtype:bad-unknown: the match indicates obfuscation, not a specific
#   exploit; confirm a hit against the captured response body before escalating.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)"; flow:from_server,established; content:"200"; http_stat_code; file_data; content:"%2F%2F%3A%70%74%74%68"; classtype:bad-unknown; sid:2012326; rev:6;)

Added 2015-04-06 20:49:38 UTC


-- JohnZee - 2015-09-30


# Historical revision (rev 2), superseded by rev 6 on this page.
# flow:from_server agrees with the header direction ($EXTERNAL_NET $HTTP_PORTS ->
# $HOME_NET) and with http_stat_code, which exists only in responses.
# The escaped string "%2F%2F%3A%70%74%74%68" decodes to "//:ptth" ("http://"
# reversed). There is no file_data here, so it is matched against the payload
# rather than the response-body buffer.
# NOTE(review): a compressed or chunk-split body would presumably not match in
# this form; confirm against the engine in use.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)"; flow:from_server,established; content:"200"; http_stat_code; content:"%2F%2F%3A%70%74%74%68"; classtype:bad-unknown; sid:2012326; rev:2;)

Added 2011-10-12 19:33:59 UTC


# Historical revision (rev 2), earliest copy recorded on this page with that
# rev number. Matches a status-200 response from an HTTP port that carries the
# escaped bytes for "//:ptth" ("http://" reversed).
# The match is case-sensitive and is not scoped to the response body with
# file_data; rev 6 on this page adds that scoping.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)"; flow:from_server,established; content:"200"; http_stat_code; content:"%2F%2F%3A%70%74%74%68"; classtype:bad-unknown; sid:2012326; rev:2;)

Added 2011-07-21 21:00:35 UTC


# Historical revision (rev 1). Do not deploy in this form.
# flow: to_server conflicts with the rest of the rule: the header describes
# traffic from an external HTTP port to $HOME_NET, and http_stat_code exists only
# in server responses. As written the rule probably could not fire on the
# responses it is meant to inspect; later revisions on this page use from_server.
# fast_pattern marks the escaped "//:ptth" string as the prefilter pattern.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)"; flow: to_server,established; content:"200"; http_stat_code; content:"%2F%2F%3A%70%74%74%68"; fast_pattern; classtype:bad-unknown; sid:2012326; rev:1;)

Added 2011-02-21 17:32:02 UTC


# Historical revision (rev 1), a second saved copy with the same rule text.
# flow: to_server is at odds with http_stat_code (a response-only field) and with
# the server-to-client header direction, so this form is unlikely to alert on the
# intended responses. Kept for history only.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)"; flow: to_server,established; content:"200"; http_stat_code; content:"%2F%2F%3A%70%74%74%68"; fast_pattern; classtype:bad-unknown; sid:2012326; rev:1;)

Added 2011-02-21 17:31:52 UTC


# Historical revision (rev 1), the first recorded copy of this signature.
# Intended to flag a status-200 response containing the escaped bytes for
# "//:ptth" ("http://" reversed). The flow: to_server option contradicts the
# response-only http_stat_code check, so treat this text as history, not as a
# working rule.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)"; flow: to_server,established; content:"200"; http_stat_code; content:"%2F%2F%3A%70%74%74%68"; fast_pattern; classtype:bad-unknown; sid:2012326; rev:1;)

Added 2011-02-21 16:59:46 UTC


Topic revision: r2 - 2015-09-30 - JohnZee
 