# sid:2018358 rev:7 -- outbound HTTP POST to a bare IPv4 Host with an IE-style header profile.
# Fires when the method is POST, the headers contain " MSIE " (case-insensitive; the fast_pattern),
# and the headers carry none of: Accept-Encoding:, Referer:, X-Requested-With:.
# The remaining negated contents are exclusions for known software: groove.microsoft.com / grooveDNS://
# (presumably Microsoft Groove -- confirm), the "MSIE 6.0; DynGate" user agent, Windows Live Messenger
# and MS Web Services Client Protocol.
# The pcre (H = http_header buffer, m = multiline, i = case-insensitive) requires the Host value to be
# four dot-separated groups of 1-3 digits followed by ":" or end of line; octets are not range-checked.
# content:"|0d 0a 0d 0a|" has no buffer modifier, so it is matched against the raw stream, not an HTTP buffer.
# classtype:bad-unknown with an "ET INFO" msg: a heuristic for triage, not a verdict. Correlate the
# destination address and the originating host/process before escalating.
# NOTE(review): updated_at equals created_at (2014_04_04) although this is rev:7 -- do not rely on the
# metadata date for revision tracking.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"; flow:established,to_server; content:"POST"; http_method; content:!"groove.microsoft.com|0d 0a|"; http_header; content:" MSIE "; nocase; http_header; fast_pattern; content:!"Accept-Encoding|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"User-Agent|3a| Mozilla/4.0 (compatible|3b 20|MSIE 6.0|3b 20|DynGate)"; http_header; content:!"X-Requested-With|3a 20|"; http_header; nocase; content:!"Windows Live Messenger"; http_header; content:!"MS Web Services Client Protocol"; http_header; pcre:"/^Host\x3a\s*?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a|\r?\n)/Hmi"; content:"|0d 0a 0d 0a|"; content:!"grooveDNS|3a|//"; http_client_body; classtype:bad-unknown; sid:2018358; rev:7; metadata:created_at 2014_04_04, updated_at 2014_04_04;)

Added 2018-09-13 19:48:39 UTC


Added 2018-09-13 17:58:36 UTC


# sid:2018358 rev:7 (with metadata) -- same rule text as the entry at the top of this page.
# Match: established to_server flow, HTTP method POST, " MSIE " somewhere in the headers (fast_pattern),
# Host header that is a dotted-quad IPv4 literal (pcre on the http_header buffer), and a raw CRLF CRLF.
# Must be absent from the headers: Accept-Encoding:, Referer:, X-Requested-With: , the
# "Mozilla/4.0 (compatible; MSIE 6.0; DynGate)" User-Agent line, "Windows Live Messenger",
# "MS Web Services Client Protocol" and "groove.microsoft.com" followed by CRLF.
# Must be absent from the request body: "grooveDNS://".
# Because the signature relies on missing headers plus an IP-literal Host, it is low-confidence by
# design (classtype:bad-unknown); review the exclusion list against software in your own environment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"; flow:established,to_server; content:"POST"; http_method; content:!"groove.microsoft.com|0d 0a|"; http_header; content:" MSIE "; nocase; http_header; fast_pattern; content:!"Accept-Encoding|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"User-Agent|3a| Mozilla/4.0 (compatible|3b 20|MSIE 6.0|3b 20|DynGate)"; http_header; content:!"X-Requested-With|3a 20|"; http_header; nocase; content:!"Windows Live Messenger"; http_header; content:!"MS Web Services Client Protocol"; http_header; pcre:"/^Host\x3a\s*?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a|\r?\n)/Hmi"; content:"|0d 0a 0d 0a|"; content:!"grooveDNS|3a|//"; http_client_body; classtype:bad-unknown; sid:2018358; rev:7; metadata:created_at 2014_04_04, updated_at 2014_04_04;)

Added 2017-08-07 21:12:26 UTC


# sid:2018358 rev:7 as published without a metadata keyword; the detection options are otherwise the
# same as the rev:7 entries above on this page.
# Adds, relative to the rev:6 text below, a header exclusion for "groove.microsoft.com" + CRLF.
# Core logic: POST from $HOME_NET to $EXTERNAL_NET, " MSIE " in the headers, no Accept-Encoding /
# Referer / X-Requested-With headers, Host header is an IPv4 literal, and none of the listed
# known-software strings (DynGate UA, Windows Live Messenger, MS Web Services Client Protocol,
# grooveDNS:// in the body) are present.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"; flow:established,to_server; content:"POST"; http_method; content:!"groove.microsoft.com|0d 0a|"; http_header; content:" MSIE "; nocase; http_header; fast_pattern; content:!"Accept-Encoding|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"User-Agent|3a| Mozilla/4.0 (compatible|3b 20|MSIE 6.0|3b 20|DynGate)"; http_header; content:!"X-Requested-With|3a 20|"; http_header; nocase; content:!"Windows Live Messenger"; http_header; content:!"MS Web Services Client Protocol"; http_header; pcre:"/^Host\x3a\s*?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a|\r?\n)/Hmi"; content:"|0d 0a 0d 0a|"; content:!"grooveDNS|3a|//"; http_client_body; classtype:bad-unknown; sid:2018358; rev:7;)

Added 2016-01-15 17:30:27 UTC


# sid:2018358 rev:6 -- the " MSIE " match and the DynGate exclusion are both evaluated in the
# http_header buffer; the DynGate exclusion is written as a full "User-Agent: ..." header line.
# The body exclusion is "grooveDNS://" anywhere in http_client_body (no depth limit in this revision).
# There is no groove.microsoft.com header exclusion in this revision.
# Remaining conditions: method POST, no Accept-Encoding / Referer / X-Requested-With headers,
# no "Windows Live Messenger" or "MS Web Services Client Protocol" in the headers, Host header is a
# dotted-quad (pcre, http_header buffer), and a raw CRLF CRLF sequence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"; flow:established,to_server; content:"POST"; http_method; content:" MSIE "; nocase; http_header; fast_pattern; content:!"Accept-Encoding|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"User-Agent|3a| Mozilla/4.0 (compatible|3b 20|MSIE 6.0|3b 20|DynGate)"; http_header; content:!"X-Requested-With|3a 20|"; http_header; nocase; content:!"Windows Live Messenger"; http_header; content:!"MS Web Services Client Protocol"; http_header; pcre:"/^Host\x3a\s*?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a|\r?\n)/Hmi"; content:"|0d 0a 0d 0a|"; content:!"grooveDNS|3a|//"; http_client_body; classtype:bad-unknown; sid:2018358; rev:6;)

Added 2016-01-14 19:15:29 UTC


# sid:2018358 rev:5 -- the " MSIE " match (fast_pattern) and the DynGate exclusion are evaluated in
# the http_user_agent buffer, so the DynGate string is written without the "User-Agent:" prefix.
# This revision introduces the DynGate exclusion; the rev:4 text below does not have it.
# The body exclusion is "grooveDNS" limited to the first 20 bytes of http_client_body (depth:20).
# Remaining conditions: method POST, no Accept-Encoding / Referer / X-Requested-With headers,
# no "Windows Live Messenger" or "MS Web Services Client Protocol" in the headers, Host header is a
# dotted-quad (pcre, http_header buffer), and a raw CRLF CRLF sequence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"; flow:established,to_server; content:"POST"; http_method; content:" MSIE "; nocase; http_user_agent; fast_pattern; content:!"Accept-Encoding|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"Mozilla/4.0 (compatible|3b 20|MSIE 6.0|3b 20|DynGate)"; http_user_agent; content:!"X-Requested-With|3a 20|"; http_header; nocase; content:!"Windows Live Messenger"; http_header; content:!"MS Web Services Client Protocol"; http_header; pcre:"/^Host\x3a\s*?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a|\r?\n)/Hmi"; content:"|0d 0a 0d 0a|"; content:!"grooveDNS"; depth:20; http_client_body; classtype:bad-unknown; sid:2018358; rev:5;)

Added 2015-09-15 18:14:32 UTC


# sid:2018358 rev:4 -- uses the "alert http" protocol keyword with any destination port.
# " MSIE " is matched in the http_user_agent buffer (case-insensitive, fast_pattern).
# Exclusions in this revision: "Windows Live Messenger" and "MS Web Services Client Protocol" in the
# headers, and "grooveDNS" within the first 20 bytes of the request body. There is no DynGate
# user-agent exclusion here.
# Remaining conditions: method POST, no Accept-Encoding / Referer / X-Requested-With headers,
# Host header is a dotted-quad (pcre, http_header buffer), and a raw CRLF CRLF sequence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"; flow:established,to_server; content:"POST"; http_method; content:" MSIE "; nocase; http_user_agent; fast_pattern; content:!"Accept-Encoding|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"X-Requested-With|3a 20|"; http_header; nocase; content:!"Windows Live Messenger"; http_header; content:!"MS Web Services Client Protocol"; http_header; pcre:"/^Host\x3a\s*?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a|\r?\n)/Hmi"; content:"|0d 0a 0d 0a|"; content:!"grooveDNS"; depth:20; http_client_body; classtype:bad-unknown; sid:2018358; rev:4;)

Added 2014-06-10 18:42:48 UTC


# sid:2018358 rev:1 -- original form of the signature, written as "alert tcp" with destination
# $HTTP_PORTS, so only destination ports listed in that variable are inspected.
# Match: established to_server flow, method POST, " MSIE " in the headers (case-insensitive,
# fast_pattern), no Accept-Encoding / Referer / X-Requested-With headers, Host header is a dotted-quad
# (pcre on the http_header buffer; octets are not range-checked), and a raw CRLF CRLF sequence.
# Exclusions are limited to "Windows Live Messenger" and "MS Web Services Client Protocol"; the
# Groove and DynGate exclusions seen in the later revisions on this page are not present.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1"; flow:established,to_server; content:"POST"; http_method; content:" MSIE "; nocase; http_header; fast_pattern; content:!"Accept-Encoding|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"X-Requested-With|3a 20|"; http_header; nocase; content:!"Windows Live Messenger"; http_header; content:!"MS Web Services Client Protocol"; http_header; pcre:"/^Host\x3a\s*?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a|\r?\n)/Hmi"; content:"|0d 0a 0d 0a|"; classtype:bad-unknown; sid:2018358; rev:1;)

Added 2014-04-04 17:41:21 UTC

