# Disabled entry: the leading '#' comments the rule out and the msg category is "ET DELETED".
# It uses the "http" protocol keyword with "any" ports, where the 2012 entries on this page use tcp on $HTTP_PORTS.
# Logic: "<applet" (fast_pattern), then ".jar" somewhere after it (distance:0), plus a pcre that
# requires a five-digit .jar name preceded by a non-word character.
# NOTE(review): rev:4 here is lower than rev:7 in the 2012-07-13 entry for the same sid; presumably
# this comes from a separate ruleset build with its own rev counter. Confirm before comparing revisions.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED RedKit? - Landing Page Received - applet and 5digit jar"; flow:established,to_client; content:"<applet"; fast_pattern; content:".jar"; distance:0; pcre:"/\W[0-9]{5}\.jar/"; classtype:trojan-activity; sid:2014894; rev:4;)

Added 2015-07-28 18:51:06 UTC


# rev:7 tightens the rev:6 logic listed on this page in two ways:
#   - distance:0 makes ".jar" relative, so it must occur after the "<applet" match;
#   - \W in the pcre requires a non-word character immediately before the five digits, so a longer
#     digit run or an alphanumeric prefix (constructed example: "abc12345.jar") no longer matches.
# The pcre carries no relative (R) modifier, so it is evaluated over the payload independently of
# where the two content matches landed.
# NOTE(review): no file_data or HTTP buffer keyword is used, so whether compressed or re-segmented
# response bodies are covered depends on the sensor's HTTP normalisation; verify on the target engine.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS RedKit? - Landing Page Received - applet and 5digit jar"; flow:established,to_client; content:"<applet"; fast_pattern; content:".jar"; distance:0; pcre:"/\W[0-9]{5}\.jar/"; classtype:trojan-activity; sid:2014894; rev:7;)

Added 2012-07-13 21:15:02 UTC


# rev:6: "<applet" and ".jar" are independent content matches (no distance/within), so they may
# appear in either order within the inspected payload.
# The pcre accepts any five digits directly before ".jar", including the tail of a longer file name,
# which makes it broader (more false-positive prone) than the \W-prefixed pattern in rev:7.
# Compared with the 2012-06-15 entry (rev:4), only the msg text differs ("<applet" became "applet").
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS RedKit? - Landing Page Received - applet and 5digit jar"; flow:established,to_client; content:"<applet"; fast_pattern; content:".jar"; pcre:"/[0-9]{5}\.jar/"; classtype:trojan-activity; sid:2014894; rev:6;)

Added 2012-06-18 23:14:59 UTC


# rev:4 (added 2012-06-15): the oldest entry on this page.
# Alerts on established server-to-client TCP traffic from $HTTP_PORTS whose payload contains
# "<applet" (used as the fast_pattern), ".jar", and five digits directly followed by ".jar".
# The two content matches are not relative to each other, and the pcre is unanchored.
# NOTE(review): the "?" in "RedKit?" presumably marks the exploit-kit attribution as tentative;
# treat an alert as "applet landing page with a numeric jar name", not as confirmed RedKit.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS RedKit? - Landing Page Received - <applet and 5digit jar"; flow:established,to_client; content:"<applet"; fast_pattern; content:".jar"; pcre:"/[0-9]{5}\.jar/"; classtype:trojan-activity; sid:2014894; rev:4;)

Added 2012-06-15 00:50:33 UTC


Topic revision: r1 - 2015-07-28 - TWikiGuest
 