#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:6; metadata:created_at 2013_11_06, former_category CURRENT_EVENTS, updated_at 2013_11_06;) Added 2022-05-19 19:06:21 UTC
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:5; metadata:created_at 2013_11_06, former_category CURRENT_EVENTS, updated_at 2013_11_06;) Added 2020-08-05 19:09:24 UTC
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; metadata: former_category CURRENT_EVENTS; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:5; metadata:created_at 2013_11_06, updated_at 2013_11_06;) Added 2019-08-15 20:33:17 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:5; metadata:created_at 2013_11_06, updated_at 2013_11_06;) Added 2018-09-13 19:47:57 UTC
Added 2018-09-13 17:58:09 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"MyWebClient"; depth:11; http_user_agent; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:5; metadata:created_at 2013_11_06, updated_at 2013_11_06;) Added 2017-08-07 21:11:36 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible CVE-2013-3906 CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"User-Agent|3a| MyWebClient?"; http_header; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017671; rev:3;) Added 2013-11-06 11:52:18 UTC
Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r1 - 2022-05-19 - TWikiGuest
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats