# ET sid:2016764 rev:18 -- the newest copy on this page (updated_at 2020_11_05).
# What it alerts on: an outbound HTTP GET (flow:established,to_server, $HOME_NET -> $EXTERNAL_NET)
# whose User-Agent header is the URL of the request itself: "http://" + the Host header value +
# the request URI, where the URI has the shape (/<alnum>)?/<digits>/<digits>.
# Match order as written: "GET" on http_method; the fast_pattern prefilter is the http_header
# content "User-Agent: http://" (|3a 20| = ": ", |3a| = ":"); then http_start, a sticky buffer
# covering the request line plus headers, so the pcre can anchor on ^GET and read the
# User-Agent and Host headers in sequence. The pcre also requires Host to be the last header
# (Host line, then "\r\n" and an optional final "\r\n" before $), and User-Agent to immediately
# precede Host -- any other header ordering does not match, so coverage is narrow by design.
# On match the flowbit et.exploitkitlanding is set, presumably consumed by follow-on rules.
# NOTE(review): as rendered here the pcre contains "(?P(" and "(?P[", which is not valid PCRE:
# a named group needs its name between "(?P" and the pattern. The back-references (?P=uri) and
# (?P=host) show the groups were named uri and host; the bracketed names were presumably
# stripped as HTML tags by the wiki rendering. Restore them before loading this text into a
# sensor, or the rule will fail to parse.
# NOTE(review): the next-older copy on this page is also rev:18 and differs only in
# updated_at (2020_03_09 vs 2020_11_05) -- a metadata-only touch without a rev bump, which
# matters if rule-set diffs key on rev.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS GrandSoft? PDF Payload Download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern; http_start; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016764; rev:18; metadata:created_at 2013_04_17, former_category CURRENT_EVENTS, updated_at 2020_11_05;)

Added 2020-11-05 18:35:55 UTC


# Superseded copy of sid:2016764, rev:18 (updated_at 2020_03_09). Detection logic is identical
# to the later rev:18 copy above; only the updated_at metadata differs. Relative to the copy
# below it (also rev:18), the two metadata keywords were merged into one metadata list.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS GrandSoft? PDF Payload Download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern; http_start; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016764; rev:18; metadata:created_at 2013_04_17, former_category CURRENT_EVENTS, updated_at 2020_03_09;)

Added 2020-08-05 19:09:02 UTC


# Superseded copy of sid:2016764, first rev:18 (updated_at 2020_03_09). Versus rev:17 below this
# revision adds content:"GET" on http_method and switches the pcre onto the http_start sticky
# buffer (request line plus headers) instead of leaving it unbuffered; former_category is
# still carried in a separate metadata keyword here.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS GrandSoft? PDF Payload Download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern; http_start; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2016764; rev:18; metadata:created_at 2013_04_17, updated_at 2020_03_09;)

Added 2020-03-09 21:02:07 UTC


# Superseded copy of sid:2016764, rev:17 (updated_at 2019_10_07). Versus rev:16 below, the only
# change is "fast_pattern:only" -> "fast_pattern" on the User-Agent content. The pcre here has
# no buffer keyword before it, so it runs against the raw payload rather than an HTTP buffer.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS GrandSoft? PDF Payload Download"; flow:established,to_server; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2016764; rev:17; metadata:created_at 2013_04_17, updated_at 2019_10_07;)

Added 2019-10-08 19:34:09 UTC


# Superseded copy of sid:2016764, rev:16 (updated_at 2018_03_06), re-added 2018-09-13. The text
# is byte-identical to the rev:16 copy added 2018-03-07 further down; the page shows two
# "Added" stamps on 2018-09-13 with no rule text between them, so this looks like a re-publish
# rather than a content change.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS GrandSoft? PDF Payload Download"; flow:established,to_server; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern:only; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2016764; rev:16; metadata:created_at 2013_04_17, updated_at 2018_03_06;)

Added 2018-09-13 19:46:48 UTC


Added 2018-09-13 17:57:34 UTC


# Superseded copy of sid:2016764, rev:16 (updated_at 2018_03_06). Versus rev:15 immediately
# below, only the rev number changed -- detection logic, msg and metadata are identical.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS GrandSoft? PDF Payload Download"; flow:established,to_server; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern:only; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2016764; rev:16; metadata:created_at 2013_04_17, updated_at 2018_03_06;)

Added 2018-03-07 17:59:16 UTC


# Superseded copy of sid:2016764, second rev:15 (updated_at 2018_03_06). Versus the earlier
# rev:15 below it, the msg was renamed from "SofosFO?" to "GrandSoft?" and a
# "metadata: former_category CURRENT_EVENTS" keyword was added, without bumping rev; the rev
# bump to 16 followed later with no further change. Detection keywords are unchanged.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS GrandSoft? PDF Payload Download"; flow:established,to_server; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern:only; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2016764; rev:15; metadata:created_at 2013_04_17, updated_at 2018_03_06;)

Added 2018-03-06 17:52:12 UTC


# Superseded copy of sid:2016764, first rev:15 (updated_at 2013_04_17), still under the
# "SofosFO?" name. Versus rev:14 below, the header moved from "alert tcp ... $HTTP_PORTS" to the
# protocol-aware "alert http ... any" form and created_at/updated_at metadata was introduced;
# the content and pcre keywords are unchanged.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SofosFO? PDF Payload Download"; flow:established,to_server; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern:only; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016764; rev:15; metadata:created_at 2013_04_17, updated_at 2013_04_17;)

Added 2017-08-07 21:10:33 UTC


# Superseded copy of sid:2016764, rev:14, in the older "alert tcp ... $HTTP_PORTS" header form
# with no metadata keyword. Versus rev:13 below, the only change is escaping the slash in
# "HTTP\/1\.1" inside the slash-delimited pcre.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SofosFO? PDF Payload Download"; flow:established,to_server; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern:only; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP\/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016764; rev:14;)

Added 2014-04-21 19:36:52 UTC


# Superseded copy of sid:2016764, rev:13. Versus rev:12 below, the leading alphanumeric path
# segment of the URI group became optional: "(\/[A-Za-z0-9]+)?\/\d+\/\d+" instead of requiring
# it. Note the unescaped "/" in "HTTP/1\.1" inside the slash-delimited pcre, fixed in rev:14.
# NOTE(review): the pcre's named groups appear as "(?P(" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SofosFO? PDF Payload Download"; flow:established,to_server; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern:only; pcre:"/^GET (?P(\/[A-Za-z0-9]+)?\/\d+\/\d+)\sHTTP/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016764; rev:13;)

Added 2013-11-08 19:05:09 UTC


# Original publication of sid:2016764, rev:12 (added 2013-04-17). Alerts on an outbound GET
# whose User-Agent is "http://" + Host + the request URI, here requiring a URI of exactly
# /<alnum>/<digits>/<digits>; the User-Agent content on http_header is the fast pattern and
# the unbuffered pcre anchors on ^GET, requiring Host to be the final header. Sets flowbit
# et.exploitkitlanding.
# NOTE(review): the pcre's named groups appear as "(?P\/" / "(?P[" with no name, although
# (?P=uri) and (?P=host) reference them; the names were presumably lost in rendering.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SofosFO? PDF Payload Download"; flow:established,to_server; content:"User-Agent|3a 20|http|3a|//"; http_header; fast_pattern:only; pcre:"/^GET (?P\/[A-Za-z0-9]+\/\d+\/\d+)\sHTTP/1\.1\r\nUser-Agent\x3a\x20http\x3a\/\/(?P[^\r\n]+)(?P=uri)\r\nHost\x3a\x20(?P=host)\r\n(\r\n)?$/"; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2016764; rev:12;)

Added 2013-04-17 22:19:32 UTC


