2019914 (2019-10-08, TWikiGuest)
<h2> alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to WebDAV CloudMe Service"; flow:established,to_server; content:"webdav.cloudme.com"; http_header; fast_pattern; pcre:"/^Host\x3a[^\r\n]+?webdav\.cloudme\.com[^\r\n]*?\r?$/Hmi"; reference:url,securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/; classtype:policy-violation; sid:2019914; rev:3; metadata:created_at 2014_12_10, updated_at 2019_10_07;) </h2>
Added 2019-10-08 19:34:16 UTC
<hr>
<h2> alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to WebDAV CloudMe Service"; flow:established,to_server; content:"webdav.cloudme.com"; http_header; fast_pattern:only; pcre:"/^Host\x3a[^\r\n]+?webdav\.cloudme\.com[^\r\n]*?\r?$/Hmi"; reference:url,securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/; classtype:policy-violation; sid:2019914; rev:2; metadata:created_at 2014_12_10, updated_at 2014_12_10;) </h2>
Added 2018-09-13 19:50:03 UTC
<hr>
<h2> </h2>
Added 2018-09-13 17:59:25 UTC
<hr>
<h2> alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to WebDAV CloudMe Service"; flow:established,to_server; content:"webdav.cloudme.com"; http_header; fast_pattern:only; pcre:"/^Host\x3a[^\r\n]+?webdav\.cloudme\.com[^\r\n]*?\r?$/Hmi"; reference:url,securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/; classtype:policy-violation; sid:2019914; rev:2; metadata:created_at 2014_12_10, updated_at 2014_12_10;) </h2>
Added 2017-08-07 21:14:16 UTC
<hr>
<h2> alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to WebDAV CloudMe Service"; flow:established,to_server; content:"webdav.cloudme.com"; http_header; fast_pattern:only; pcre:"/^Host\x3a[^\r\n]+?webdav\.cloudme\.com[^\r\n]*?\r?$/Hmi"; reference:url,securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/; classtype:policy-violation; sid:2019914; rev:2;) </h2>
Added 2014-12-11 14:39:45 UTC
<hr>
<h2> alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to WebDAV CloudMe Service"; flow:established,to_server; content:"webdav.cloudme.com"; http_header; fast_pattern:only; pcre:"/^Host\x3a[^\r\n]+?webdav\.cloudme\.com[^\r\n]*?\r?$/Hmi"; reference:url,bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%22-inception-framework%22-very-sophisticated-layered-malware; classtype:policy-violation; sid:2019914; rev:2;) </h2>
Added 2014-12-11 11:34:41 UTC
<hr>
<h2> alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to WebDAV CloudMe Service"; flow:established,to_server; content:"webdav.cloudme.com"; http_header; fast_pattern:only; pcre:"/^Host\x3a[^\r\n]+?webdav\.cloudme\.com[^\r\n]*?\r?$/Hmi"; reference:url,bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%22-inception-framework%22-very-sophisticated-layered-malware; classtype:policy-violation; sid:2019914; rev:2;) </h2>
Added 2014-12-10 21:25:29 UTC
<hr>
Topic revision: r1 - 2019-10-08 - TWikiGuest
Copyright © Emerging Threats