# sid 2013176, rev 6: alerts when a $HOME_NET client sends an HTTP request whose
# headers contain "User-Agent: Egypack" (|3a| is the colon; nocase makes the
# match case-insensitive; http_header restricts it to the HTTP header buffer).
# - Header is `alert http ... any`, so the match relies on the engine's HTTP
#   protocol detection and is not limited to ports listed in $HTTP_PORTS.
# - flow:established,to_server: only client-to-server data on established sessions.
# - flowbits:set,et.exploitkitlanding marks the flow for other rules to test;
#   there is no noalert, so this rule also alerts on its own.
#   NOTE(review): the bit name says "landing" while msg says "Post-Infection";
#   rules consuming the bit are not shown here - confirm the intended pairing.
# - NOTE(review): the "?" after EgyPack in msg looks like a wiki rendering
#   artifact (unlinked WikiWord), not rule text - verify against the
#   distributed ruleset before copying this rule.
# - NOTE(review): metadata updated_at equals created_at (2011_07_04) and does not
#   reflect this revision; do not use it to date the rule.
# Triage: the source address is the suspected infected host. The signature keys
# on a client-declared header value only, so treat a hit as one indicator to
# corroborate with host evidence, and absence of hits as inconclusive.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN EgyPack? Exploit Kit Post-Infection Request"; flow:established,to_server; content:"User-Agent|3a| Egypack"; nocase; http_header; flowbits:set,et.exploitkitlanding; reference:url,www.kahusecurity.com/2011/new-exploit-kit-egypack/; reference:url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack; reference:url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/; classtype:trojan-activity; sid:2013176; rev:6; metadata:created_at 2011_07_04, updated_at 2011_07_04;)

Added 2017-08-07 21:06:26 UTC


# sid 2013176, rev 5: same content match as the other revisions
# ("User-Agent: Egypack", case-insensitive, in the HTTP header buffer) on
# established client-to-server traffic, and it sets flowbit
# et.exploitkitlanding on the flow.
# - Header is `alert tcp ... $HTTP_PORTS`: only connections to ports listed in
#   $HTTP_PORTS are inspected, so coverage of HTTP on other ports depends on how
#   that variable is configured at the sensor.
# - Carries three reference URLs, including the vbulletin.com /forum/forum/...
#   path and the 2013 Webroot write-up; no metadata option is present.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN EgyPack? Exploit Kit Post-Infection Request"; flow:established,to_server; content:"User-Agent|3a| Egypack"; nocase; http_header; flowbits:set,et.exploitkitlanding; reference:url,www.kahusecurity.com/2011/new-exploit-kit-egypack/; reference:url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack; reference:url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/; classtype:trojan-activity; sid:2013176; rev:5;)

Added 2013-04-01 22:51:35 UTC


# sid 2013176, rev 4: matches "User-Agent: Egypack" (case-insensitive, HTTP
# header buffer) in established client-to-server traffic to $HTTP_PORTS.
# - This is the earliest revision on this page that carries
#   flowbits:set,et.exploitkitlanding; the bit is set on the matching flow and
#   the rule still alerts because noalert is not used.
# - References: the kahusecurity.com article and the vbulletin.com
#   showthread.php thread URL.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN EgyPack? Exploit Kit Post-Infection Request"; flow:established,to_server; content:"User-Agent|3a| Egypack"; nocase; http_header; flowbits:set,et.exploitkitlanding; reference:url,www.kahusecurity.com/2011/new-exploit-kit-egypack/; reference:url,www.vbulletin.com/forum/showthread.php/338741-vBulletin-Footer-SQL-Injection-Hack; classtype:trojan-activity; sid:2013176; rev:4;)

Added 2012-01-04 18:22:23 UTC


# sid 2013176, rev 3 (entry dated 2011-10-12): matches "User-Agent: Egypack"
# (case-insensitive, HTTP header buffer) in established client-to-server
# traffic to $HTTP_PORTS. No flowbits option, so the rule only alerts.
# - classtype is placed after the two reference options here.
# - NOTE(review): this page also lists a 2011-07-05 entry with rev:3 that
#   differs only in where classtype sits; rev was not incremented between them,
#   so sid+rev alone does not distinguish the two texts.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN EgyPack? Exploit Kit Post-Infection Request"; flow:established,to_server; content:"User-Agent|3a| Egypack"; nocase; http_header; reference:url,www.kahusecurity.com/2011/new-exploit-kit-egypack/; reference:url,www.vbulletin.com/forum/showthread.php/338741-vBulletin-Footer-SQL-Injection-Hack; classtype:trojan-activity; sid:2013176; rev:3;)

Added 2011-10-12 19:36:17 UTC


# sid 2013176, rev 3 (entry dated 2011-07-05): matches "User-Agent: Egypack"
# (case-insensitive, HTTP header buffer) in established client-to-server
# traffic to $HTTP_PORTS. No flowbits option, so the rule only alerts.
# - classtype precedes the reference options in this text.
# - Carries two references: the kahusecurity.com article and the vbulletin.com
#   showthread.php thread URL.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN EgyPack? Exploit Kit Post-Infection Request"; flow:established,to_server; content:"User-Agent|3a| Egypack"; nocase; http_header; classtype:trojan-activity; reference:url,www.kahusecurity.com/2011/new-exploit-kit-egypack/; reference:url,www.vbulletin.com/forum/showthread.php/338741-vBulletin-Footer-SQL-Injection-Hack; sid:2013176; rev:3;)

Added 2011-07-05 19:13:26 UTC


# sid 2013176, rev 2: earliest revision listed on this page. Alerts on
# established client-to-server traffic from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS whose HTTP headers contain "User-Agent: Egypack"
# (|3a| is the colon; nocase makes the match case-insensitive).
# - Single reference (kahusecurity.com); no flowbits and no metadata options.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN EgyPack? Exploit Kit Post-Infection Request"; flow:established,to_server; content:"User-Agent|3a| Egypack"; nocase; http_header; classtype:trojan-activity; reference:url,www.kahusecurity.com/2011/new-exploit-kit-egypack/; sid:2013176; rev:2;)

Added 2011-07-04 21:08:45 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 