alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain"; flow:established,to_server; urilen:<12; content:"GET"; http_method; content:"/flow"; fast_pattern; depth:5; http_uri; pcre:"/^\d{1,2}\.php$/UR"; content:".ru"; http_host; isdataat:!1,relative; metadata: former_category EXPLOIT_KIT; classtype:bad-unknown; sid:2015897; rev:4; metadata:created_at 2012_11_19, updated_at 2020_02_04;)

Added 2020-02-04 20:21:07 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain"; flow:established,to_server; urilen:<12; content:"/flow"; fast_pattern; depth:5; http_uri; content:".php"; distance:1; within:5; http_uri; content:"GET"; http_method; content:".ru|0d 0a|"; http_header; pcre:"/^\/flow\d{1,2}\.php$/U"; metadata: former_category EXPLOIT_KIT; classtype:bad-unknown; sid:2015897; rev:3; metadata:created_at 2012_11_19, updated_at 2012_11_19;)

Added 2019-09-26 19:57:14 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain"; flow:established,to_server; urilen:<12; content:"/flow"; fast_pattern; depth:5; http_uri; content:".php"; distance:1; within:5; http_uri; content:"GET"; http_method; content:".ru|0d 0a|"; http_header; pcre:"/^\/flow\d{1,2}\.php$/U"; classtype:bad-unknown; sid:2015897; rev:3; metadata:created_at 2012_11_19, updated_at 2012_11_19;)

Added 2018-09-13 19:45:49 UTC


Added 2018-09-13 17:57:01 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain"; flow:established,to_server; urilen:<12; content:"/flow"; fast_pattern; depth:5; http_uri; content:".php"; distance:1; within:5; http_uri; content:"GET"; http_method; content:".ru|0d 0a|"; http_header; pcre:"/^\/flow\d{1,2}\.php$/U"; classtype:bad-unknown; sid:2015897; rev:3; metadata:created_at 2012_11_19, updated_at 2012_11_19;)

Added 2017-08-07 21:09:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain"; flow:established,to_server; urilen:<12; content:"/flow"; fast_pattern; depth:5; http_uri; content:".php"; distance:1; within:5; http_uri; content:"GET"; http_method; content:".ru|0d 0a|"; http_header; pcre:"/^\/flow\d{1,2}\.php$/U"; classtype:bad-unknown; sid:2015897; rev:2;)

Added 2012-11-20 02:06:14 UTC


Topic revision: r1 - 2020-02-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats