alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS NullHole? URI Struct Jul 22 2015 M3"; flow:established,from_server; content:"302"; http_stat_code; content:"/e.html"; http_header; fast_pattern; pcre:"/^Location\x3a\x20[a-f0-9]{32}\/e\.html\r$/Hm"; content:"Set-Cookie|3a|"; classtype:trojan-activity; sid:2021508; rev:3; metadata:created_at 2015_07_22, updated_at 2019_10_07;)

Added 2019-10-08 19:34:30 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS NullHole? URI Struct Jul 22 2015 M3"; flow:established,from_server; content:"302"; http_stat_code; content:"/e.html"; http_header; fast_pattern:only; pcre:"/^Location\x3a\x20[a-f0-9]{32}\/e\.html\r$/Hm"; content:"Set-Cookie|3a|"; classtype:trojan-activity; sid:2021508; rev:2; metadata:created_at 2015_07_22, updated_at 2015_07_22;)

Added 2018-09-13 19:51:29 UTC


Added 2018-09-13 18:00:14 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS NullHole? URI Struct Jul 22 2015 M3"; flow:established,from_server; content:"302"; http_stat_code; content:"/e.html"; http_header; fast_pattern:only; pcre:"/^Location\x3a\x20[a-f0-9]{32}\/e\.html\r$/Hm"; content:"Set-Cookie|3a|"; classtype:trojan-activity; sid:2021508; rev:2; metadata:created_at 2015_07_22, updated_at 2015_07_22;)

Added 2017-08-07 21:16:11 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS NullHole? URI Struct Jul 22 2015 M3"; flow:established,from_server; content:"302"; http_stat_code; content:"/e.html"; http_header; fast_pattern:only; pcre:"/^Location\x3a\x20[a-f0-9]{32}\/e\.html\r$/Hm"; content:"Set-Cookie|3a|"; classtype:trojan-activity; sid:2021508; rev:2;)

Added 2015-07-22 18:55:53 UTC



This topic: Main > 2021508
Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats