alert tcp $HOME_NET any -> 209.139.208.0/23 $HTTP_PORTS (msg:"ET CURRENT_EVENTS Scalaxy Secondary Landing Page 10/11/12"; flow:to_server,established; content:"/q"; http_uri; depth:2; pcre:"/^\/q[a-zA-Z0-9+-]{3,14}\/[a-zA-Z0-9+-]{3,16}\?[a-z]{1,6}=[a-zA-Z0-9+-\._]{7,18}$/U"; classtype:trojan-activity; sid:2015792; rev:1;)

Added 2012-10-11 22:12:14 UTC


Topic revision: r1 - 2012-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats