#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Possible Dynamic DNS Exploit Pack Payload"; flow:established,to_server; content:".php"; http_uri; content:"quote="; distance:0; http_uri; content:"tid=";http_uri; content:"fid="; http_uri; flowbits:set,et.exploitkitlanding; classtype:bad-unknown; sid:2014445; rev:5;)

Added 2015-06-19 16:26:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Dynamic DNS Exploit Pack Payload"; flow:established,to_server; content:".php"; http_uri; content:"quote="; distance:0; http_uri; content:"tid=";http_uri; content:"fid="; http_uri; flowbits:set,et.exploitkitlanding; classtype:bad-unknown; sid:2014445; rev:6;)

Added 2012-04-12 17:10:44 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Dynamic DNS Exploit Pack Payload"; flow:established,to_server; content:"/de/"; http_uri; depth:4; content:".php"; distance:0; http_uri; content:"quote="; distance:0; http_uri; content:"tid=";http_uri; content:"fid="; http_uri; flowbits:set,et.exploitkitlanding; classtype:bad-unknown; sid:2014445; rev:5;)

Added 2012-03-31 09:36:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS RDG possible dynamic dns exploit pack payload"; flow:established,to_server; content:"/de/"; http_uri; depth:4; content:".php"; distance:0; http_uri; content:"quote="; distance:0; http_uri; content:"tid=";http_uri; content:"fid="; http_uri; flowbits:set,et.exploitkitlanding; classtype:bad-unknown; sid:2014445; rev:4;)

Added 2012-03-29 23:28:02 UTC


Topic revision: r1 - 2015-06-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats