# sid 2016212, rev 5: HTTP POST sent from a $HOME_NET client to an $EXTERNAL_NET server.
# User-Agent: the http_user_agent buffer must equal "Mozilla/5.0 Firefox/3.6.12" exactly.
#   The string is 26 bytes; depth:26 pins the match to the start of the buffer and
#   isdataat:!1,relative requires that no byte follows it.
# Body: the /P pcre runs on the request body, which must begin with one of
#   "comment=", "c_id=", "m=" or "mjdu=".
# threshold: at most one alert per source address per 300 seconds, so the alert count
#   understates the number of matching requests; use flow/HTTP logs for volume.
# NOTE(review): the "?" in msg marks the family attribution as tentative, and classtype is
#   web-application-attack although msg files the rule under TROJAN. Confirm a hit
#   against host evidence before treating the internal sender as compromised.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BroBot? POST"; flow:established,to_server; content:"POST"; http_method; content:"Mozilla/5.0 Firefox/3.6.12"; http_user_agent; fast_pattern; depth:26; isdataat:!1,relative; pcre:"/^(?:c(?:omment|_id)|m(?:jdu)?)=/P"; threshold: type limit, count 1, seconds 300, track by_src; classtype:web-application-attack; sid:2016212; rev:5; metadata:created_at 2013_01_15, updated_at 2019_10_16;)

Added 2019-10-16 18:59:36 UTC


# sid 2016212, rev 4: HTTP POST sent from a $HOME_NET client to an $EXTERNAL_NET server.
# User-Agent: matched in the http_header buffer as the header line
#   "User-Agent: Mozilla/5.0 Firefox/3.6.12" followed by CRLF (|3a 20| is ": ", |0d 0a| is CRLF).
#   The trailing CRLF means a longer User-Agent value does not match.
# fast_pattern:20,20 gives the prefilter only bytes 20-39 of that 40-byte content,
#   i.e. "5.0 Firefox/3.6.12" plus CRLF.
# Body: the /P pcre runs on the request body, which must begin with one of
#   "comment=", "c_id=", "m=" or "mjdu=".
# threshold: at most one alert per source address per 300 seconds.
# NOTE(review): the content is not anchored to the start of a header line, so a header
#   whose name merely ends in "User-Agent" would presumably also satisfy it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BroBot? POST"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3a 20|Mozilla/5.0 Firefox/3.6.12|0d 0a|"; http_header; fast_pattern:20,20; pcre:"/^(?:c(?:omment|_id)|m(?:jdu)?)=/P"; threshold: type limit, count 1, seconds 300, track by_src; classtype:web-application-attack; sid:2016212; rev:4; metadata:created_at 2013_01_15, updated_at 2013_01_15;)

Added 2018-09-13 19:46:10 UTC


Added 2018-09-13 17:57:13 UTC


# sid 2016212, rev 4 (same rule text as the listing dated 2018-09-13).
# Fires on an outbound HTTP POST whose headers contain the line
#   "User-Agent: Mozilla/5.0 Firefox/3.6.12" terminated by CRLF, and whose request body
#   (pcre /P) starts with "comment=", "c_id=", "m=" or "mjdu=".
# fast_pattern:20,20 selects the last 20 bytes of the 40-byte header content for the prefilter.
# threshold: one alert per source address per 300 seconds; repeated requests inside the
#   window are not alerted individually.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BroBot? POST"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3a 20|Mozilla/5.0 Firefox/3.6.12|0d 0a|"; http_header; fast_pattern:20,20; pcre:"/^(?:c(?:omment|_id)|m(?:jdu)?)=/P"; threshold: type limit, count 1, seconds 300, track by_src; classtype:web-application-attack; sid:2016212; rev:4; metadata:created_at 2013_01_15, updated_at 2013_01_15;)

Added 2017-08-07 21:09:54 UTC


# sid 2016212, rev 4, as published without a metadata keyword.
# Detection logic: outbound HTTP POST, header line "User-Agent: Mozilla/5.0 Firefox/3.6.12"
#   ending in CRLF (http_header buffer), and a request body that begins with
#   "comment=", "c_id=", "m=" or "mjdu=" (pcre with the /P body modifier).
# fast_pattern:20,20 uses bytes 20-39 of the header content as the prefilter pattern.
# threshold: one alert per source address per 300 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BroBot? POST"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3a 20|Mozilla/5.0 Firefox/3.6.12|0d 0a|"; http_header; fast_pattern:20,20; pcre:"/^(?:c(?:omment|_id)|m(?:jdu)?)=/P"; threshold: type limit, count 1, seconds 300, track by_src; classtype:web-application-attack; sid:2016212; rev:2;)

Added 2014-09-19 17:22:45 UTC


# sid 2016212, rev 2: written as "alert tcp" and limited to destination ports in
#   $HTTP_PORTS, so matching requests to a port outside that variable are not covered.
# msg files this revision under ET CURRENT_EVENTS.
# Detection logic: POST method, header line "User-Agent: Mozilla/5.0 Firefox/3.6.12"
#   ending in CRLF (http_header buffer), and a request body beginning with
#   "comment=", "c_id=", "m=" or "mjdu=" (pcre with the /P body modifier).
# fast_pattern:20,20 uses bytes 20-39 of the header content as the prefilter pattern.
# threshold: one alert per source address per 300 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS BroBot? POST"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3a 20|Mozilla/5.0 Firefox/3.6.12|0d 0a|"; http_header; fast_pattern:20,20; pcre:"/^(?:c(?:omment|_id)|m(?:jdu)?)=/P"; threshold: type limit, count 1, seconds 300, track by_src; classtype:web-application-attack; sid:2016212; rev:2;)

Added 2013-02-26 19:19:10 UTC


# sid 2016212, rev 1: written as "alert tcp" and limited to destination ports in $HTTP_PORTS.
# Body: "c_id=" must occupy the first 5 bytes of the request body (http_client_body, depth:5).
#   This revision has no pcre, so "c_id=" is the only body prefix it covers.
# fast_pattern is set on the 5-byte "c_id=" content, a short prefilter pattern; the longer
#   User-Agent content is only checked afterwards.
# User-Agent: header line "User-Agent: Mozilla/5.0 Firefox/3.6.12" ending in CRLF,
#   matched in the http_header buffer.
# threshold: one alert per source address per 300 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS BroBot? POST"; flow:established,to_server; content:"POST"; http_method; content:"c_id="; fast_pattern; http_client_body; depth:5; content:"User-Agent|3a 20|Mozilla/5.0 Firefox/3.6.12|0d 0a|"; http_header; threshold: type limit, count 1, seconds 300, track by_src; classtype:web-application-attack; sid:2016212; rev:1;)

Added 2013-01-15 21:17:24 UTC

