#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Download of Microsoft Office File From Chinese Content-Language Website"; flow:established,to_client; content:"Content-Language|3A| zh-cn"; nocase; http_header; file_data; content:"|D0 CF 11 E0 A1 B1 1A E1|"; distance:0; classtype:trojan-activity; sid:2012526; rev:1;)

Added 2011-10-12 19:34:34 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Download of Microsoft Office File From Chinese Content-Language Website"; flow:established,to_client; content:"Content-Language|3A| zh-cn"; nocase; http_header; file_data; content:"|D0 CF 11 E0 A1 B1 1A E1|"; distance:0; classtype:trojan-activity; sid:2012526; rev:1;)

Added 2011-03-21 15:28:40 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 