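# sid 2017850, rev 3 -- retired ("ET DELETED") and shipped commented out; kept for reference only.
# Intent: flag an outbound HTTP GET for "/<page>.html?id<digits>=<32 lowercase hex chars>" whose
# Referer header ends in the same "/<page>.html" path.
#   * content ".html?id" (http_uri, fast_pattern:only) is the only prefilter.
#   * 1st pcre (/U, normalized URI) requires the 32-hex value to be the end of the URI.
#   * 2nd pcre has no buffer modifier, so it inspects the raw request; the named group "name"
#     captures the page path and (?P=name) requires the Referer to repeat it. The group has to be
#     written (?P<name>...) or the back-reference has nothing to resolve against.
# NOTE(review): "(:?\d{1,5})?" is a capturing group with an optional colon, not "(?:...)"; left as published.
# NOTE(review): the "?" after PluginDetect in msg looks like a wiki-rendering artifact -- confirm against the ruleset.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P<name>\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; classtype:trojan-activity; sid:2017850; rev:3; metadata:created_at 2013_12_13, former_category CURRENT_EVENTS, updated_at 2017_09_20;)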

Added 2022-05-19 19:06:22 UTC


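# sid 2017850, rev 2 -- disabled copy in the "ET DELETED" category, with created_at,
# former_category and updated_at carried in a single metadata keyword.
# Detection logic: GET to "/<page>.html?id<digits>=<32 lowercase hex chars>" (hash must end the
# normalized URI, first pcre) where the raw request's Referer ends with the same "/<page>.html"
# (second pcre, tied together by the named group "name" and its (?P=name) back-reference).
# The named group is spelled (?P<name>...); without the "<name>" part the pattern does not compile.
# NOTE(review): "(:?\d{1,5})?" optionally matches up to five digits with an optional leading colon
# after the Referer path; it is a capturing group, not "(?:...)". Kept as published.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P<name>\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; classtype:trojan-activity; sid:2017850; rev:2; metadata:created_at 2013_12_13, former_category CURRENT_EVENTS, updated_at 2017_09_20;)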

Added 2020-08-05 19:09:29 UTC


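# sid 2017850, rev 2 -- disabled "ET DELETED" copy. This revision carries two metadata keywords:
# "former_category CURRENT_EVENTS" on its own, and created_at/updated_at in a second one.
# Both pcre conditions must hold on a to_server, established HTTP flow:
#   1. /U: the normalized URI ends in ".html?id<digits>=<32 lowercase hex chars>".
#   2. raw request: the "/<page>.html" captured by the named group "name" reappears at the end of
#      the Referer header via (?P=name). The group is written (?P<name>...) so that the
#      back-reference resolves.
# NOTE(review): ".+?" under the /s flag can span header lines between the request line and Referer.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P<name>\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2017850; rev:2; metadata:created_at 2013_12_13, updated_at 2017_09_20;)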

Added 2018-09-13 19:48:10 UTC


Added 2018-09-13 17:58:16 UTC


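# sid 2017850, rev 2 -- first revision on this page where the rule is commented out and renamed
# from "ET CURRENT_EVENTS" to "ET DELETED"; former_category is recorded in a separate metadata keyword.
# What it looked for: an outbound GET whose URI ends in ".html?id<digits>=<32 lowercase hex chars>"
# and whose Referer ends with that same "/<page>.html" path. The self-reference is enforced by the
# named group "name" in the second pcre and its (?P=name) back-reference, so the group must be
# spelled (?P<name>...).
# NOTE(review): "(:?\d{1,5})?" is a capturing group with an optional colon, not "(?:...)"; left as published.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P<name>\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2017850; rev:2; metadata:created_at 2013_12_13, updated_at 2017_09_20;)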

Added 2017-09-21 09:55:19 UTC


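# sid 2017850, rev 2 -- enabled revision in the "ET CURRENT_EVENTS" category, using the "http"
# protocol keyword with any destination port.
# Alerts on an outbound GET for "/<page>.html?id<digits>=<32 lowercase hex chars>" when the
# Referer header ends in the same "/<page>.html":
#   * 1st pcre (/U) pins the 32-hex value to the end of the normalized URI.
#   * 2nd pcre inspects the raw request; "GET" is not anchored with "^" in this revision. The
#     named group "name" and (?P=name) link the requested page to the Referer, which requires
#     the group to be written (?P<name>...).
# NOTE(review): the only content match is the generic ".html?id", so both pcre are evaluated on
# every request containing it -- check rule profiling before enabling on busy sensors.
# NOTE(review): the "?" after PluginDetect in msg looks like a wiki-rendering artifact -- confirm against the ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/GET\s[^\r\n]*?(?P<name>\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; classtype:trojan-activity; sid:2017850; rev:2; metadata:created_at 2013_12_13, updated_at 2013_12_13;)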

Added 2017-08-07 21:11:50 UTC


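# sid 2017850, rev 2 -- oldest revision on this page: written as "alert tcp" restricted to
# $HTTP_PORTS, with no metadata keyword.
# Alerts on an outbound GET for "/<page>.html?id<digits>=<32 lowercase hex chars>" when the
# Referer header ends in the same "/<page>.html":
#   * 1st pcre (/U) pins the 32-hex value to the end of the normalized URI.
#   * 2nd pcre inspects the raw payload and is anchored with "^GET". The named group "name"
#     captures the page path and (?P=name) requires the Referer to repeat it, so the group must
#     be written (?P<name>...).
# NOTE(review): being port-bound, this form does not cover HTTP on ports outside $HTTP_PORTS.
# NOTE(review): "(:?\d{1,5})?" is a capturing group with an optional colon, not "(?:...)"; left as published.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS SPL2 PluginDetect? Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern:only; pcre:"/\.html\?id\d*?=[a-f0-9]{32}$/U"; pcre:"/^GET\s[^\r\n]*?(?P<name>\/[^\.\/]+\.html)\?id\d*?=[a-f0-9]{32}\sHTTP\/1\..+?\r\nReferer\x3a\x20[^\r\n]*?(?P=name)(:?\d{1,5})?\r\n/s"; classtype:trojan-activity; sid:2017850; rev:2;)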

Added 2013-12-13 03:42:41 UTC


Topic revision: r1 - 2022-05-19 - TWikiGuest
 