alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Spartan EK Secondary Flash Exploit DL M2"; flow:established,to_server; urilen:>13; content:"GET /"; byte_test:1,>,64,0,relative; byte_test:1,<,91,0,relative; content:".xml"; http_uri; offset:11; pcre:"/^\/[A-Z](?=[a-z0-9]*?[A-Z][a-z0-9]*?[A-Z])(?=[A-Z0-9]*?[a-z][A-Z0-9]*?[a-z])[A-Za-z0-9]{9,}\.xml$/U"; content:"x-flash-version|3a|"; http_header; fast_pattern; content:".swf"; http_header; nocase; pcre:"/Referer\x3a\x20[^\r\n]*?\/[a-f0-9]{32,64}\.swf/H"; classtype:trojan-activity; sid:2021764; rev:3; metadata:created_at 2015_09_14, updated_at 2019_10_07;)

Added 2019-10-08 19:34:32 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Spartan EK Secondary Flash Exploit DL M2"; flow:established,to_server; urilen:>13; content:"GET /"; byte_test:1,>,64,0,relative; byte_test:1,<,91,0,relative; content:".xml"; http_uri; offset:11; pcre:"/^\/[A-Z](?=[a-z0-9]*?[A-Z][a-z0-9]*?[A-Z])(?=[A-Z0-9]*?[a-z][A-Z0-9]*?[a-z])[A-Za-z0-9]{9,}\.xml$/U"; content:"x-flash-version|3a|"; http_header; fast_pattern:only; content:".swf"; http_header; nocase; pcre:"/Referer\x3a\x20[^\r\n]*?\/[a-f0-9]{32,64}\.swf/H"; classtype:trojan-activity; sid:2021764; rev:2; metadata:created_at 2015_09_14, updated_at 2015_09_14;)

Added 2018-09-13 19:51:42 UTC


Added 2018-09-13 18:00:23 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Spartan EK Secondary Flash Exploit DL M2"; flow:established,to_server; urilen:>13; content:"GET /"; byte_test:1,>,64,0,relative; byte_test:1,<,91,0,relative; content:".xml"; http_uri; offset:11; pcre:"/^\/[A-Z](?=[a-z0-9]*?[A-Z][a-z0-9]*?[A-Z])(?=[A-Z0-9]*?[a-z][A-Z0-9]*?[a-z])[A-Za-z0-9]{9,}\.xml$/U"; content:"x-flash-version|3a|"; http_header; fast_pattern:only; content:".swf"; http_header; nocase; pcre:"/Referer\x3a\x20[^\r\n]*?\/[a-f0-9]{32,64}\.swf/H"; classtype:trojan-activity; sid:2021764; rev:2; metadata:created_at 2015_09_14, updated_at 2015_09_14;)

Added 2017-08-07 21:16:30 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Spartan EK Secondary Flash Exploit DL M2"; flow:established,to_server; urilen:>13; content:"GET /"; byte_test:1,>,64,0,relative; byte_test:1,<,91,0,relative; content:".xml"; http_uri; offset:11; pcre:"/^\/[A-Z](?=[a-z0-9]*?[A-Z][a-z0-9]*?[A-Z])(?=[A-Z0-9]*?[a-z][A-Z0-9]*?[a-z])[A-Za-z0-9]{9,}\.xml$/U"; content:"x-flash-version|3a|"; http_header; fast_pattern:only; content:".swf"; http_header; nocase; pcre:"/Referer\x3a\x20[^\r\n]*?\/[a-f0-9]{32,64}\.swf/H"; classtype:trojan-activity; sid:2021764; rev:2;)

Added 2015-09-14 19:26:59 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats