# sid 2014170, rev 4: policy alert for client HTTP requests ($HOME_NET -> $EXTERNAL_NET,
# established, to_server) whose host name ends in ".su".
# content:".su" is matched in the http_host buffer, and isdataat:!1,relative requires that no
# byte follows the match, so ".su" must be the last three bytes of the buffer; a host such as
# "example.support" does not match.
# No nocase is used: in Suricata the http_host buffer holds the lower-cased host name.
# classtype is bad-unknown (rev 3 on this page used trojan-activity). A hit shows that a client
# contacted a .su host, not that malware was identified, so triage on the full host name and
# the client before escalating.
# updated_at in the metadata still reads 2012_01_31 although this page dates the revision
# 2019-03-11, so use rev, not updated_at, to tell revisions apart.
# NOTE(review): only HTTP parsed by the engine is covered; .su hosts reached over TLS would
# need a separate DNS or TLS SNI rule, and none is shown on this page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related"; flow:established,to_server; content:".su"; http_host; isdataat:!1,relative; metadata: former_category POLICY; reference:url,www.abuse.ch/?p=3581; classtype:bad-unknown; sid:2014170; rev:4; metadata:created_at 2012_01_31, updated_at 2012_01_31;)

Added 2019-03-11 18:46:34 UTC


# sid 2014170, rev 3: same match as rev 4 on this page. content:".su" in http_host with
# isdataat:!1,relative means the host name must end in ".su".
# This revision still carries classtype:trojan-activity and has no former_category metadata.
# The match itself only shows a request to a .su host, so an alert from this revision is a
# policy hit to investigate, not a confirmed trojan detection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related"; flow:established,to_server; content:".su"; http_host; isdataat:!1,relative; reference:url,www.abuse.ch/?p=3581; classtype:trojan-activity; sid:2014170; rev:3; metadata:created_at 2012_01_31, updated_at 2012_01_31;)

Added 2018-09-13 19:44:06 UTC


Added 2018-09-13 17:56:08 UTC


# sid 2014170, rev 2: matches on the http_header buffer instead of http_host.
# content:".su|0d 0a|" selects requests where some header line ends in ".su" before the CRLF.
# The pcre (/H, same header buffer) then requires the text "Host: " followed by a value ending
# in ".su" CRLF.
# The pcre is not anchored to the start of a header line, so any header whose name ends in
# "Host" (for example a forwarded-host style header) also satisfies it. Expect such hits when
# reviewing old alerts from this revision.
# The match depends on the literal header text; revs 3 and 4 on this page replace it with the
# http_host buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related"; flow:established,to_server; content:".su|0d 0a|"; http_header; pcre:"/Host\x3A\x20[^\r\n]*\x2Esu\x0D\x0A/H"; reference:url,www.abuse.ch/?p=3581; classtype:trojan-activity; sid:2014170; rev:2; metadata:created_at 2012_01_31, updated_at 2012_01_31;)

Added 2017-08-07 21:07:30 UTC


# sid 2014170, rev 1: original form, written as a tcp rule limited to $HTTP_PORTS.
# HTTP on ports outside that variable is not inspected by this revision; later revisions on
# this page use "alert http ... any" instead.
# fast_pattern:only makes content:".su|0d 0a|" a prefilter pattern only. The pcre on the header
# buffer (/H) performs the actual check for a "Host: " value ending in ".su" CRLF.
# This revision has no metadata keyword; created_at/updated_at appear from rev 2 onward.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related"; flow:established,to_server; content:".su|0d 0a|"; fast_pattern:only; http_header; pcre:"/Host\x3A\x20[^\r\n]*\x2Esu\x0D\x0A/H"; reference:url,www.abuse.ch/?p=3581; classtype:trojan-activity; sid:2014170; rev:1;)

Added 2012-01-30 23:37:11 UTC

