#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible FortDisco? POP3 Site list download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a 20|PrototypeB|0d 0a|"; http_header; fast_pattern:12,10; content:!"Accept|3a 20|"; http_header; content:!"Referer|3a 20|"; http_header; reference:md5,538a4cedad8791e27088666a4a6bf9c5; reference:md5,87c21bc9c804cefba6bb4148dbe4c4de; reference:url,www.abuse.ch/?p=5813; classtype:trojan-activity; sid:2017546; rev:3; metadata:created_at 2013_09_30, former_category CURRENT_EVENTS, updated_at 2013_09_30;)

Added 2020-11-24 17:54:49 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible FortDisco? POP3 Site list download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a 20|PrototypeB|0d 0a|"; http_header; fast_pattern:12,10; content:!"Accept|3a 20|"; http_header; content:!"Referer|3a 20|"; http_header; reference:md5,538a4cedad8791e27088666a4a6bf9c5; reference:md5,87c21bc9c804cefba6bb4148dbe4c4de; reference:url,www.abuse.ch/?p=5813; classtype:trojan-activity; sid:2017546; rev:3; metadata:created_at 2013_09_30, updated_at 2013_09_30;)

Added 2018-09-13 19:47:48 UTC


Added 2018-09-13 17:58:05 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible FortDisco? POP3 Site list download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a 20|PrototypeB|0d 0a|"; http_header; fast_pattern:12,10; content:!"Accept|3a 20|"; http_header; content:!"Referer|3a 20|"; http_header; reference:md5,538a4cedad8791e27088666a4a6bf9c5; reference:md5,87c21bc9c804cefba6bb4148dbe4c4de; reference:url,www.abuse.ch/?p=5813; classtype:trojan-activity; sid:2017546; rev:3; metadata:created_at 2013_09_30, updated_at 2013_09_30;)

Added 2017-11-28 16:37:25 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible FortDisco? POP3 Site list download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a 20|PrototypeB|0d 0a|"; http_header; fast_pattern:12,10; content:!"Accept|3a 20|"; http_header; content:!"Referer|3a 20|"; http_header; reference:md5,538a4cedad8791e27088666a4a6bf9c5; reference:md5,87c21bc9c804cefba6bb4148dbe4c4de; reference:url,www.abuse.ch/?p=5813; classtype:trojan-activity; sid:2017546; rev:3; metadata:created_at 2013_09_30, updated_at 2013_09_30;)

Added 2017-08-07 21:11:28 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible FortDisco? POP3 Site list download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a 20|PrototypeB|0d 0a|"; http_header; fast_pattern:12,10; content:!"Accept|3a 20|"; http_header; content:!"Referer|3a 20|"; http_header; reference:md5,538a4cedad8791e27088666a4a6bf9c5; reference:md5,87c21bc9c804cefba6bb4148dbe4c4de; reference:url,www.abuse.ch/?p=5813; classtype:trojan-activity; sid:2017546; rev:2;)

Added 2013-09-30 20:28:46 UTC


Topic revision: r1 - 2020-11-24 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats