#alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET DELETED Job314/Neutrino Reboot EK Payload Nov 20 2014"; flow:established,to_server; content:!"Referer|3a|"; http_header; content:!"Accept-"; http_header; content:"Windows NT"; fast_pattern:only; http_header; content:"User-Agent|3a 20|Mozilla"; content:"GET"; http_method; pcre:"/^\/(?:[a-z]+\.[a-z]+\d?\?(?:[a-z]+\x3d(?:[a-z]+|[0-9]+)&){2,}[a-z]+=(?:[a-z]+|[0-9]+)|(?:[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f){3,}[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f?)$/U"; classtype:trojan-activity; sid:2020388; rev:9; metadata:created_at 2015_02_10, former_category CURRENT_EVENTS, updated_at 2018_06_18;)

Added 2022-05-19 19:06:32 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET DELETED Job314/Neutrino Reboot EK Payload Nov 20 2014"; flow:established,to_server; content:!"Referer|3a|"; http_header; content:!"Accept-"; http_header; content:"Windows NT"; fast_pattern:only; http_header; content:"User-Agent|3a 20|Mozilla"; content:"GET"; http_method; pcre:"/^\/(?:[a-z]+\.[a-z]+\d?\?(?:[a-z]+\x3d(?:[a-z]+|[0-9]+)&){2,}[a-z]+=(?:[a-z]+|[0-9]+)|(?:[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f){3,}[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f?)$/U"; classtype:trojan-activity; sid:2020388; rev:8; metadata:created_at 2015_02_10, former_category CURRENT_EVENTS, updated_at 2018_06_18;)

Added 2021-09-21 19:59:56 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET DELETED Job314/Neutrino Reboot EK Payload Nov 20 2014"; flow:established,to_server; content:!"Referer|3a|"; http_header; content:!"Accept-"; http_header; content:"Windows NT"; fast_pattern:only; http_header; content:"User-Agent|3a 20|Mozilla"; content:"GET"; http_method; pcre:"/^\/(?:[a-z]+\.[a-z]+\d?\?(?:[a-z]+\x3d(?:[a-z]+|[0-9]+)&){2,}[a-z]+=(?:[a-z]+|[0-9]+)|(?:[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f){3,}[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f?)$/U"; classtype:trojan-activity; sid:2020388; rev:8; metadata:created_at 2015_02_09, former_category CURRENT_EVENTS, updated_at 2018_06_18;)

Added 2020-08-05 19:10:49 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET DELETED Job314/Neutrino Reboot EK Payload Nov 20 2014"; flow:established,to_server; content:!"Referer|3a|"; http_header; content:!"Accept-"; http_header; content:"Windows NT"; fast_pattern:only; http_header; content:"User-Agent|3a 20|Mozilla"; content:"GET"; http_method; pcre:"/^\/(?:[a-z]+\.[a-z]+\d?\?(?:[a-z]+\x3d(?:[a-z]+|[0-9]+)&){2,}[a-z]+=(?:[a-z]+|[0-9]+)|(?:[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f){3,}[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f?)$/U"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2020388; rev:8; metadata:created_at 2015_02_09, updated_at 2018_06_18;)

Added 2018-09-13 19:50:33 UTC


Added 2018-09-13 17:59:42 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET DELETED Job314/Neutrino Reboot EK Payload Nov 20 2014"; flow:established,to_server; content:!"Referer|3a|"; http_header; content:!"Accept-"; http_header; content:"Windows NT"; fast_pattern:only; http_header; content:"User-Agent|3a 20|Mozilla"; content:"GET"; http_method; pcre:"/^\/(?:[a-z]+\.[a-z]+\d?\?(?:[a-z]+\x3d(?:[a-z]+|[0-9]+)&){2,}[a-z]+=(?:[a-z]+|[0-9]+)|(?:[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f){3,}[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f?)$/U"; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2020388; rev:8; metadata:created_at 2015_02_09, updated_at 2018_06_18;)

Added 2018-06-18 16:40:43 UTC


alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET CURRENT_EVENTS Job314/Neutrino Reboot EK Payload Nov 20 2014"; flow:established,to_server; content:!"Referer|3a|"; http_header; content:!"Accept-"; http_header; content:"Windows NT"; fast_pattern:only; http_header; content:"User-Agent|3a 20|Mozilla"; content:"GET"; http_method; pcre:"/^\/(?:[a-z]+\.[a-z]+\d?\?(?:[a-z]+\x3d(?:[a-z]+|[0-9]+)&){2,}[a-z]+=(?:[a-z]+|[0-9]+)|(?:[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f){3,}[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f?)$/U"; classtype:trojan-activity; sid:2020388; rev:8; metadata:created_at 2015_02_09, updated_at 2015_02_09;)

Added 2017-08-07 21:14:52 UTC


alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET CURRENT_EVENTS Job314/Neutrino Reboot EK Payload Nov 20 2014"; flow:established,to_server; content:!"Referer|3a|"; http_header; content:!"Accept-"; http_header; content:"Windows NT"; fast_pattern:only; http_header; content:"User-Agent|3a 20|Mozilla"; content:"GET"; http_method; pcre:"/^\/(?:[a-z]+\.[a-z]+\d?\?(?:[a-z]+\x3d(?:[a-z]+|[0-9]+)&){2,}[a-z]+=(?:[a-z]+|[0-9]+)|(?:[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f){3,}[a-z]+\x2f(?:[a-z]+|[0-9]+)\x2f?)$/U"; classtype:trojan-activity; sid:2020388; rev:8;)

Added 2015-04-27 18:40:13 UTC


Topic revision: r1 - 2022-05-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats