alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS XXTEA UTF-16 Encoded HTTP Response"; flow:from_server,established; content:"u|00|t|00|f|00|8|00|t|00|o|00|1|00|6|00|"; nocase; content:"x|00|x|00|t|00|e|00|a|00|_|00|d|00|e|00|c|00|r|00|y|00|p|00|t|00|"; nocase; fast_pattern; content:"b|00|a|00|s|00|e|00|6|00|4|00|d|00|e|00|c|00|o|00|d|00|e"; nocase; metadata: former_category CURRENT_EVENTS; classtype:bad-unknown; sid:2018175; rev:2; metadata:created_at 2014_02_25, updated_at 2014_02_25;)

Added 2019-10-09 19:08:52 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS XXTEA UTF-16 Encoded HTTP Response"; flow:from_server,established; content:"u|00|t|00|f|00|8|00|t|00|o|00|1|00|6|00|"; nocase; content:"x|00|x|00|t|00|e|00|a|00|_|00|d|00|e|00|c|00|r|00|y|00|p|00|t|00|"; nocase; fast_pattern; content:"b|00|a|00|s|00|e|00|6|00|4|00|d|00|e|00|c|00|o|00|d|00|e"; nocase; classtype:bad-unknown; sid:2018175; rev:2; metadata:created_at 2014_02_25, updated_at 2014_02_25;)

Added 2018-09-13 19:48:28 UTC


Added 2018-09-13 17:58:28 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS XXTEA UTF-16 Encoded HTTP Response"; flow:from_server,established; content:"u|00|t|00|f|00|8|00|t|00|o|00|1|00|6|00|"; nocase; content:"x|00|x|00|t|00|e|00|a|00|_|00|d|00|e|00|c|00|r|00|y|00|p|00|t|00|"; nocase; fast_pattern; content:"b|00|a|00|s|00|e|00|6|00|4|00|d|00|e|00|c|00|o|00|d|00|e"; nocase; classtype:bad-unknown; sid:2018175; rev:2; metadata:created_at 2014_02_25, updated_at 2014_02_25;)

Added 2017-08-07 21:12:13 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS XXTEA UTF-16 Encoded HTTP Response"; flow:from_server,established; content:"u|00|t|00|f|00|8|00|t|00|o|00|1|00|6|00|"; nocase; content:"x|00|x|00|t|00|e|00|a|00|_|00|d|00|e|00|c|00|r|00|y|00|p|00|t|00|"; nocase; fast_pattern; content:"b|00|a|00|s|00|e|00|6|00|4|00|d|00|e|00|c|00|o|00|d|00|e"; nocase; classtype:bad-unknown; sid:2018175; rev:2;)

Added 2014-02-25 19:42:02 UTC


Topic revision: r1 - 2019-10-09 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats