alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Address Lookup - b4secure .com"; flow:established,to_server; urilen:12; content:"/index.shtml"; http_uri; content:"Host|3a 20|"; http_header; content:"b4secure.com|0d 0a|"; distance:0; http_header; fast_pattern; pcre:"/^Host\x3a[^\r\n]+(?:www\.)?b4secure\.com\r$/Hmi"; metadata: former_category POLICY; reference:url,researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/; classtype:policy-violation; sid:2023469; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, signature_severity Audit, created_at 2016_10_31, malware_family Emissary, malware_family Lotus_Blossom, updated_at 2017_10_12;)

Added 2017-10-13 16:25:27 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Address Lookup - b4secure .com"; flow:established,to_server; urilen:12; content:"/index.shtml"; http_uri; content:"Host|3a 20|"; http_header; content:"b4secure.com|0d 0a|"; distance:0; http_header; fast_pattern; pcre:"/^Host\x3a[^\r\n]+(?:www\.)?b4secure\.com\r$/Hmi"; metadata: former_category POLICY; reference:url,researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/; classtype:policy-violation; sid:2023469; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, signature_severity Audit, created_at 2016_10_31, malware_family Emissary, malware_family Lotus_Blossom, updated_at 2017_10_12;)

Added 2017-10-12 16:20:34 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Address Lookup - b4secure .com"; flow:established,to_server; urilen:12; content:"/index.shtml"; http_uri; content:"Host|3a 20|"; http_header; content:"b4secure.com|0d 0a|"; distance:0; http_header; fast_pattern; pcre:"/^Host\x3a[^\r\n]+(?:www\.)?b4secure\.com\r$/Hmi"; reference:url,researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/; classtype:policy-violation; sid:2023469; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, signature_severity Major, created_at 2016_10_31, malware_family Emissary, malware_family Lotus_Blossom, updated_at 2016_10_31;)

Added 2017-08-07 21:18:37 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Address Lookup - b4secure .com"; flow:established,to_server; urilen:12; content:"/index.shtml"; http_uri; content:"Host|3a 20|"; http_header; content:"b4secure.com|0d 0a|"; distance:0; http_header; fast_pattern; pcre:"/^Host\x3a[^\r\n]+(?:www\.)?b4secure\.com\r$/Hmi"; reference:url,researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/; classtype:policy-violation; sid:2023469; rev:2;)

Added 2016-10-31 17:35:56 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Address Lookup - b4secure .com"; flow:established,to_server; urilen:12; content:"/index.shtml"; http_uri; content:"Host|3a 20|"; http_header; content:"b4secure.com|0d 0a|"; distance:0; http_header; fast_pattern; pcre:"/^Host\x3a[^\r\n]+(?:www\.)?b4secure\.com\r$/Hmi"; reference:url,researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/; classtype:policy-violation; sid:2023469; rev:2;)

Added 2016-10-31 17:28:59 UTC


Topic revision: r1 - 2017-10-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats