# sid 2018463 rev 10: flowbit setter; flowbits:noalert means it never raises an alert itself.
# Matches established client-to-server HTTP traffic from $HOME_NET whose header buffer
# contains the literal "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)" followed
# directly by CRLF and "Host:" (presumably the User-Agent value; the content does not
# include the header name, so confirm against a sample capture).
# The two negated contents follow http_header_names, so they are checked against the
# list of header names: the request must carry neither Accept-Encoding nor Referer.
# On match it sets ET.OneLouder.Header, presumably for a companion rule (not shown on
# this page) that tests the bit with flowbits:isset.
# NOTE(review): the match is on header shape only and msg says "possible"; any client
# sending this exact string without those two headers sets the bit, so treat it as a
# weak indicator until the companion rule also matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN possible OneLouder? header structure"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.0|3b|)|0d 0a|Host|3a|"; http_header; fast_pattern; http_header_names; content:!"Accept-Encoding|0d 0a|"; content:!"Referer|0d 0a|"; flowbits:set,ET.OneLouder.Header; flowbits:noalert; classtype:trojan-activity; sid:2018463; rev:10; metadata:created_at 2014_05_12, updated_at 2020_02_07;)

Added 2020-02-07 19:49:53 UTC


# sid 2018463 rev 9: flowbit setter (flowbits:noalert), HTTP on any port.
# Positive match: "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)" + CRLF + "Host:"
# in the HTTP header buffer. fast_pattern:38,20 selects the last 20 bytes of that
# 58-byte content ("dows NT 6.0;)" + CRLF + "Host:") for the prefilter.
# Negative matches: "Accept-Encoding:" and "Referer" must be absent.
# NOTE(review): only the Referer content is followed by http_header; the
# Accept-Encoding content has no buffer modifier of its own, so it is presumably
# evaluated against the raw payload rather than the header buffer - confirm.
# "Referer" is matched without a trailing colon, so it would also suppress the rule
# if that substring appears anywhere else in the headers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN possible OneLouder? header structure"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.0|3b|)|0d 0a|Host|3a|"; http_header; fast_pattern:38,20; content:!"Accept-Encoding|3a|"; content:!"Referer"; http_header; flowbits:set,ET.OneLouder.Header; flowbits:noalert; classtype:trojan-activity; sid:2018463; rev:9; metadata:created_at 2014_05_12, updated_at 2014_05_12;)

Added 2018-09-13 19:48:45 UTC


Added 2018-09-13 17:58:39 UTC


# sid 2018463 rev 9 (same rule text as the other rev 9 entry on this page).
# Flowbit setter only: sets ET.OneLouder.Header and never alerts (flowbits:noalert).
# Requires the literal UA-style string followed by CRLF and "Host:" in the HTTP header
# buffer, and the absence of "Accept-Encoding:" and "Referer".
# NOTE(review): http_header follows only the Referer content; the Accept-Encoding
# negation presumably runs against the raw payload - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN possible OneLouder? header structure"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.0|3b|)|0d 0a|Host|3a|"; http_header; fast_pattern:38,20; content:!"Accept-Encoding|3a|"; content:!"Referer"; http_header; flowbits:set,ET.OneLouder.Header; flowbits:noalert; classtype:trojan-activity; sid:2018463; rev:9; metadata:created_at 2014_05_12, updated_at 2014_05_12;)

Added 2017-08-07 21:12:32 UTC


# sid 2018463 rev 8: same detection options as rev 9 on this page, but written as
# "alert tcp" with destination $HTTP_PORTS and without a metadata keyword.
# Because the destination is limited to $HTTP_PORTS, this revision only inspects
# requests to ports listed in that variable; HTTP sent to other ports is not covered.
# Flowbit setter only: sets ET.OneLouder.Header and never alerts (flowbits:noalert).
# NOTE(review): http_header follows only the Referer content; the Accept-Encoding
# negation presumably runs against the raw payload - confirm.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN possible OneLouder? header structure"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.0|3b|)|0d 0a|Host|3a|"; http_header; fast_pattern:38,20; content:!"Accept-Encoding|3a|"; content:!"Referer"; http_header; flowbits:set,ET.OneLouder.Header; flowbits:noalert; classtype:trojan-activity; sid:2018463; rev:8;)

Added 2014-05-28 16:58:32 UTC


# sid 2018463 rev 7: shipped disabled (leading '#'). Apart from the comment marker and
# the rev number, the rule text equals rev 8 on this page.
# While disabled, ET.OneLouder.Header is never set by this sid, so any rule that
# depends on that flowbit cannot fire - check dependants before enabling or disabling.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN possible OneLouder? header structure"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.0|3b|)|0d 0a|Host|3a|"; http_header; fast_pattern:38,20; content:!"Accept-Encoding|3a|"; content:!"Referer"; http_header; flowbits:set,ET.OneLouder.Header; flowbits:noalert; classtype:trojan-activity; sid:2018463; rev:7;)

Added 2014-05-21 17:55:45 UTC


# sid 2018463 rev 6: commented out ('##') and relabelled "ET DELETED" in msg.
# Apart from the msg prefix and rev number, the options equal rev 5 on this page:
# an 87-byte header prefix anchored with depth:87 plus a pcre over the header buffer.
# Kept here as history only; it is not loaded by the engine in this form.
##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED possible OneLouder? header structure"; flow:to_server,established; content:!"Accept-Language|3a|"; http_header; content:!"Referer"; http_header; content:"Accept|3a 20|*/*|0d 0a|Accept-Encoding|3a 20|gzip, deflate|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE "; fast_pattern:67,20; depth:87; http_header; pcre:"/User-Agent\x3a[^\r\n]+\r\nHost\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:Pragma\x3a\x20no-cache\r\n)(?:\r\n)?$/H"; flowbits:set,ET.OneLouder.Header; flowbits:noalert; classtype:trojan-activity; sid:2018463; rev:6;)

Added 2014-05-13 10:23:36 UTC


# sid 2018463 rev 5: earliest revision on this page, filed under ET CURRENT_EVENTS.
# Flowbit setter only: sets ET.OneLouder.Header and never alerts (flowbits:noalert).
# Header-order fingerprint, all in the HTTP header buffer:
#   - no "Accept-Language:" and no "Referer";
#   - the buffer must begin with "Accept: */*", "Accept-Encoding: gzip, deflate",
#     then "User-Agent: Mozilla/4.0 (compatible; MSIE " (content is 87 bytes and
#     depth:87 pins it to the start; fast_pattern:67,20 uses its last 20 bytes);
#   - pcre (/H) then requires User-Agent, Host, "Connection: Keep-Alive" and
#     "Pragma: no-cache" in that order at the end of the headers. The Pragma group
#     has no '?' quantifier, so that header is mandatory.
# Note that this revision requires Accept-Encoding to be present, whereas revs 7-10
# on this page require it to be absent; the two generations do not match the same
# requests, so results from them are not comparable.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS possible OneLouder? header structure"; flow:to_server,established; content:!"Accept-Language|3a|"; http_header; content:!"Referer"; http_header; content:"Accept|3a 20|*/*|0d 0a|Accept-Encoding|3a 20|gzip, deflate|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE "; fast_pattern:67,20; depth:87; http_header; pcre:"/User-Agent\x3a[^\r\n]+\r\nHost\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:Pragma\x3a\x20no-cache\r\n)(?:\r\n)?$/H"; flowbits:set,ET.OneLouder.Header; flowbits:noalert; classtype:trojan-activity; sid:2018463; rev:5;)

Added 2014-05-12 19:24:05 UTC

