#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:6; metadata:created_at 2013_11_06, former_category CURRENT_EVENTS, updated_at 2013_11_06;)

Added 2022-05-19 19:06:21 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:5; metadata:created_at 2013_11_06, former_category CURRENT_EVENTS, updated_at 2013_11_06;)

Added 2020-08-05 19:09:24 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; metadata: former_category CURRENT_EVENTS; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:5; metadata:created_at 2013_11_06, updated_at 2013_11_06;)

Added 2019-08-15 20:33:17 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:5; metadata:created_at 2013_11_06, updated_at 2013_11_06;)

Added 2018-09-13 19:47:57 UTC


Added 2018-09-13 17:58:09 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:5; metadata:created_at 2013_11_06, updated_at 2013_11_06;)

Added 2017-08-07 21:11:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"User-Agent|3a| MyWebClient?"; http_header; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:3;)

Added 2013-11-06 11:52:18 UTC


Topic revision: r1 - 2022-05-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats