alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY GENERIC ShellExecute? in URLENCODE"; flow:to_client,established; file_data; content:"%53%68%65%6c%6c%45%78%65%63%75%74%65"; nocase; classtype:trojan-activity; sid:2020483; rev:2; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2015_02_19, deployment Perimeter, former_category CURRENT_EVENTS, signature_severity Major, tag DriveBy?, updated_at 2016_07_01;)

Added 2020-11-23 17:30:15 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY GENERIC ShellExecute? in URLENCODE"; flow:to_client,established; file_data; content:"%53%68%65%6c%6c%45%78%65%63%75%74%65"; nocase; classtype:trojan-activity; sid:2020483; rev:2; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2015_02_19, deployment Perimeter, signature_severity Major, tag DriveBy?, updated_at 2016_07_01;)

Added 2020-08-05 19:10:52 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY GENERIC ShellExecute? in URLENCODE"; flow:to_client,established; file_data; content:"%53%68%65%6c%6c%45%78%65%63%75%74%65"; nocase; classtype:trojan-activity; sid:2020483; rev:2; metadata:affected_product Any, attack_target Client_Endpoint, deployment Perimeter, tag DriveBy?, signature_severity Major, created_at 2015_02_19, updated_at 2016_07_01;)

Added 2017-08-07 21:14:59 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS DRIVEBY GENERIC ShellExecute? in URLENCODE"; flow:to_client,established; file_data; content:"%53%68%65%6c%6c%45%78%65%63%75%74%65"; nocase; classtype:trojan-activity; sid:2020483; rev:2;)

Added 2015-02-19 18:36:05 UTC


Topic revision: r1 - 2020-11-23 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats