# sid 2014041, rev 6 -- retired entry: the leading '#' leaves the rule commented out and the msg carries the "ET DELETED" prefix.
# Logic: established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS whose URI contains
# "/admin.cgi/.gif" and whose header buffer (pcre /H) contains "Host: " followed by a dotted quad.
# The pcre is case-sensitive and unanchored: it does not range-check octets, it also matches when the dotted quad is
# only the start of a longer host name, and "Host: " can match inside a longer header name that ends in "Host".
# No threshold keyword is present, so every matching request would alert if the rule were re-enabled.
# The `http` protocol keyword in the rule header is Suricata syntax; the active 2012 entry on this page uses `tcp`.
# NOTE(review): msg still says ".css" while the matched URI ends in ".gif" -- confirm which artefact the title refers to.
# NOTE(review): rev:6 here is lower than rev:8 on the 2012-01-06 entry; the page does not explain the renumbering.
# NOTE(review): the "?" after "AirOS" looks like a wiki rendering artefact, not msg text -- confirm against the ruleset.
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED AirOS? .css Worm Outbound Propagation Sweep"; flow:established,to_server; content:"/admin.cgi/.gif"; http_uri; pcre:"/Host\x3a ([0-9]{1,3}\.){3}[0-9]{1,3}/H"; reference:url,seclists.org/fulldisclosure/2011/Dec/419; reference:url,www.root.cz/clanky/virus-v-bezdratovych-routerech-skynet/; classtype:trojan-activity; sid:2014041; rev:6; metadata:created_at 2011_12_28, updated_at 2011_12_28;)

Added 2017-08-07 21:07:21 UTC


# sid 2014041, rev 6 -- retired entry (commented out, msg prefixed "ET DELETED"); this snapshot has no metadata keyword.
# Logic: established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS, URI containing
# "/admin.cgi/.gif", plus a pcre on the header buffer (/H) for "Host: " followed by a dotted quad.
# The pcre is case-sensitive and unanchored, so octets are not range-checked and the dotted quad may be a prefix of a
# longer host value; treat it as "Host looks like an IPv4 literal", not as a validated address.
# No threshold keyword: each matching request would alert if the rule were re-enabled.
# NOTE(review): the "?" after "AirOS" looks like a wiki rendering artefact, not msg text -- confirm against the ruleset.
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED AirOS? .css Worm Outbound Propagation Sweep"; flow:established,to_server; content:"/admin.cgi/.gif"; http_uri; pcre:"/Host\x3a ([0-9]{1,3}\.){3}[0-9]{1,3}/H"; reference:url,seclists.org/fulldisclosure/2011/Dec/419; reference:url,www.root.cz/clanky/virus-v-bezdratovych-routerech-skynet/; classtype:trojan-activity; sid:2014041; rev:6;)

Added 2014-08-28 18:33:52 UTC


# sid 2014041, rev 8 -- active "ET WORM" entry. Direction is $HOME_NET -> $EXTERNAL_NET, so the alert's source address
# is the internal host making the request.
# Logic: established to_server flow, URI containing "/admin.cgi/.gif", and a pcre on the header buffer (/H) for
# "Host: " followed by a dotted quad. Compared with the rev 3/4 entries on this page, the POST, ".css HTTP/1.",
# Content-Type and threshold terms are gone and a second reference URL is added.
# The pcre is case-sensitive and unanchored: octets are not range-checked, the dotted quad may be the start of a longer
# host value, and "Host: " can match inside a longer header name ending in "Host" -- expect some benign matches.
# No threshold keyword: every matching request alerts, so a sweeping host can produce a high alert volume.
# NOTE(review): msg still says ".css" while the matched URI ends in ".gif" -- confirm which artefact the title refers to.
# NOTE(review): the "?" after "AirOS" looks like a wiki rendering artefact, not msg text -- confirm against the ruleset.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WORM AirOS? .css Worm Outbound Propagation Sweep"; flow:established,to_server; content:"/admin.cgi/.gif"; http_uri; pcre:"/Host\x3a ([0-9]{1,3}\.){3}[0-9]{1,3}/H"; reference:url,seclists.org/fulldisclosure/2011/Dec/419; reference:url,www.root.cz/clanky/virus-v-bezdratovych-routerech-skynet/; classtype:trojan-activity; sid:2014041; rev:8;)

Added 2012-01-06 16:36:21 UTC


# sid 2014041, rev 4 -- snapshot recorded 2011-12-30 19:58:59 UTC; same rule text as the two other rev 4 entries below.
# Logic (all terms must match on an established to_server flow from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS):
#   - HTTP method contains "POST"
#   - URI contains "/admin.cgi/" (also the fast pattern; fast_pattern:only)
#   - raw payload contains ".css HTTP/1." within the first 100 bytes (depth:100), so a longer request line is not matched
#   - header buffer contains "Content-Type: multipart/form-data"
# threshold type limit only caps output at 50 alerts per source per 600 seconds; it does not require repeated events,
# so a single matching request alerts even though the msg describes a "Sweep".
# Unlike rev 8 on this page, this revision does not look at the Host header.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WORM AirOS? .css Worm Outbound Propagation Sweep"; flow:established,to_server; content:"POST"; http_method; content:"/admin.cgi/"; http_uri; fast_pattern:only; content:".css HTTP/1."; depth:100; content:"Content-Type|3A| multipart/form-data"; http_header; threshold:type limit, track by_src, count 50, seconds 600; reference:url,seclists.org/fulldisclosure/2011/Dec/419; classtype:trojan-activity; sid:2014041; rev:4;)

Added 2011-12-30 19:58:59 UTC


# sid 2014041, rev 4 -- snapshot recorded 2011-12-30 19:24:08 UTC; rule text is unchanged from the other rev 4 entries.
# Matches an outbound POST whose URI contains "/admin.cgi/", with ".css HTTP/1." in the first 100 payload bytes and a
# multipart/form-data Content-Type header.
# threshold type limit caps alerts at 50 per source per 600 seconds; it is rate limiting, not a minimum event count.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WORM AirOS? .css Worm Outbound Propagation Sweep"; flow:established,to_server; content:"POST"; http_method; content:"/admin.cgi/"; http_uri; fast_pattern:only; content:".css HTTP/1."; depth:100; content:"Content-Type|3A| multipart/form-data"; http_header; threshold:type limit, track by_src, count 50, seconds 600; reference:url,seclists.org/fulldisclosure/2011/Dec/419; classtype:trojan-activity; sid:2014041; rev:4;)

Added 2011-12-30 19:24:08 UTC


# sid 2014041, rev 4 -- snapshot recorded 2011-12-30 18:03:28 UTC, the earliest rev 4 entry on this page.
# Detection terms are the same as rev 3; only the msg changed ("sd.css" became ".css") along with the rev number.
# Matches an outbound POST whose URI contains "/admin.cgi/", with ".css HTTP/1." in the first 100 payload bytes and a
# multipart/form-data Content-Type header; alerts are capped at 50 per source per 600 seconds (threshold type limit).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WORM AirOS? .css Worm Outbound Propagation Sweep"; flow:established,to_server; content:"POST"; http_method; content:"/admin.cgi/"; http_uri; fast_pattern:only; content:".css HTTP/1."; depth:100; content:"Content-Type|3A| multipart/form-data"; http_header; threshold:type limit, track by_src, count 50, seconds 600; reference:url,seclists.org/fulldisclosure/2011/Dec/419; classtype:trojan-activity; sid:2014041; rev:4;)

Added 2011-12-30 18:03:28 UTC


# sid 2014041, rev 3 -- oldest entry on this page (2011-12-28). The msg names "sd.css", but the content term only
# requires ".css HTTP/1.", so any .css request line under /admin.cgi/ satisfies it.
# Logic (all terms must match on an established to_server flow from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS):
#   - HTTP method contains "POST"
#   - URI contains "/admin.cgi/" (also the fast pattern; fast_pattern:only)
#   - raw payload contains ".css HTTP/1." within the first 100 bytes (depth:100)
#   - header buffer contains "Content-Type: multipart/form-data"
# threshold type limit caps output at 50 alerts per source per 600 seconds; it does not require repeated events,
# so one matching request is enough to alert.
# NOTE(review): the "?" after "AirOS" looks like a wiki rendering artefact, not msg text -- confirm against the ruleset.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WORM AirOS? sd.css Worm Outbound Propagation Sweep"; flow:established,to_server; content:"POST"; http_method; content:"/admin.cgi/"; http_uri; fast_pattern:only; content:".css HTTP/1."; depth:100; content:"Content-Type|3A| multipart/form-data"; http_header; threshold:type limit, track by_src, count 50, seconds 600; reference:url,seclists.org/fulldisclosure/2011/Dec/419; classtype:trojan-activity; sid:2014041; rev:3;)

Added 2011-12-28 10:16:49 UTC

