alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN OS X Backdoor Checkin"; flow:established,to_server; content:"Accept-Encoding|3a 20|base64,gzip"; http_header; fast_pattern; content:"|20|Mac|20|OS|20|X|3a|"; http_header; reference:url,www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link; classtype:trojan-activity; sid:2014564; rev:1;)

Added 2012-04-16 18:46:11 UTC


Topic revision: r1 - 2012-04-16 - TWikiGuest
 
Copyright © Emerging Threats