EmergingThreats> Main Web>2017850 (2022-05-19, TWikiGuest) EditAttach

#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; classtype:trojan-activity; sid:2017850; rev:3; metadata:created_at 2013_12_13, former_category CURRENT_EVENTS, updated_at 2017_09_20;)

Added 2022-05-19 19:06:22 UTC

#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; classtype:trojan-activity; sid:2017850; rev:2; metadata:created_at 2013_12_13, former_category CURRENT_EVENTS, updated_at 2017_09_20;)

Added 2020-08-05 19:09:29 UTC

#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2017850; rev:2; metadata:created_at 2013_12_13, updated_at 2017_09_20;)

Added 2018-09-13 19:48:10 UTC

Added 2018-09-13 17:58:16 UTC

#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2017850; rev:2; metadata:created_at 2013_12_13, updated_at 2017_09_20;)

Added 2017-09-21 09:55:19 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; classtype:trojan-activity; sid:2017850; rev:2; metadata:created_at 2013_12_13, updated_at 2013_12_13;)

Added 2017-08-07 21:11:50 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/^GET\s[^\r\n]*?(?P\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; classtype:trojan-activity; sid:2017850; rev:2;)

Added 2013-12-13 03:42:41 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2022-05-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats