alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN URI Struct Observed in Pawn Storm CVE-2015-2950"; flow:established,to_server; content:"POST"; http_method; content:"/?p2="; http_uri; content:"&recr="; distance:0; http_uri; fast_pattern; content:"&p3="; distance:0; http_uri; content:"&as="; distance:0; http_uri; content:"&c="; distance:0; http_uri; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/; classtype:trojan-activity; sid:2021560; rev:2; metadata:created_at 2015_07_31, updated_at 2020_05_29;)

Added 2021-09-21 20:00:16 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN URI Struct Observed in Pawn Storm CVE-2015-2950"; flow:established,to_server; content:"POST"; http_method; content:"/?p2="; http_uri; content:"&recr="; distance:0; http_uri; fast_pattern; content:"&p3="; distance:0; http_uri; content:"&as="; distance:0; http_uri; content:"&c="; distance:0; http_uri; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/; classtype:trojan-activity; sid:2021560; rev:2; metadata:created_at 2015_07_30, updated_at 2020_05_29;)

Added 2020-05-29 18:55:23 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN URI Struct Observed in Pawn Storm CVE-2015-2950"; flow:established,to_server; content:"POST"; http_method; content:"/?p2="; http_uri; content:"&recr="; distance:0; http_uri; fast_pattern; content:"&p3="; distance:0; http_uri; content:"&as="; distance:0; http_uri; content:"&c="; distance:0; http_uri; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/; classtype:trojan-activity; sid:2021560; rev:2; metadata:created_at 2015_07_30, updated_at 2015_07_30;)

Added 2018-09-13 19:51:31 UTC


Added 2018-09-13 18:00:16 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN URI Struct Observed in Pawn Storm CVE-2015-2950"; flow:established,to_server; content:"POST"; http_method; content:"/?p2="; http_uri; content:"&recr="; distance:0; http_uri; fast_pattern; content:"&p3="; distance:0; http_uri; content:"&as="; distance:0; http_uri; content:"&c="; distance:0; http_uri; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/; classtype:trojan-activity; sid:2021560; rev:2; metadata:created_at 2015_07_30, updated_at 2015_07_30;)

Added 2017-08-07 21:16:15 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats