alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CritXPack? Landing Pattern"; flow:established,to_server; content:"/i.php?token="; http_uri; nocase; fast_pattern:only; pcre:"/\/i.php?token=[a-z0-9]+$/Ui"; classtype:trojan-activity; sid:2015998; rev:2;)

Added 2013-02-05 17:13:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CritXPack? Landing Pattern"; flow:established,to_server; content:"/i.php?token="; http_uri; fast_pattern:only; pcre:"/\/i.php?token=[a-z0-9]+$/U"; classtype:trojan-activity; sid:2015998; rev:1;)

Added 2012-12-07 19:21:01 UTC


Topic revision: r1 - 2013-02-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats