alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN DOCHTML C&C http directive in HTML comments"; flow:established,from_server; content:"|3c|!-- DOCHTMLhttp|3a|//"; reference:url,blog.accuvantlabs.com/blog/dgrif/anatomy-targeted-attack; classtype:trojan-activity; sid:2015616; rev:2;)

Added 2012-08-30 16:53:41 UTC


Topic revision: r1 - 2012-08-30 - TWikiGuest
 