# sid 2023075 rev 3 (metadata updated_at 2020_11_05): inbound POST to the 6-byte URI "/index" (urilen:6).
# http_start buffer: "Content-length: 0" must be followed directly by "Cookie: APSCOOKIE=Era=0&Payload=";
#   the pcre (/R, relative to that match) then requires 0-4 base64-alphabet characters followed by one byte
#   outside 0x20-0x7e, i.e. a non-printable byte within the first five bytes of the Payload value.
# http_header_names buffer: depth:24 equals the length of "\r\nHost\r\nContent-length\r\n", so Host and
#   Content-length must be the first two header names; User-Agent, Content-Type, Referer and any header
#   name containing "Accept" must be absent.
# NOTE(review): the rule needs the HTTP parser to see the request in cleartext; on an interface served
#   only over HTTPS it presumably fires only behind TLS inspection - confirm against sensor placement.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Equation Group EGREGIOUSBLUNDER Fortigate Exploit Attempt"; flow:established,to_server; urilen:6; content:"POST"; http_method; content:"/index"; http_uri; http_start; content:"Content-length|3a 20|0|0d 0a|Cookie|3a 20|APSCOOKIE=Era=0&Payload="; fast_pattern; pcre:"/^[A-Za-z0-9+/]{0,4}?[^\x20-\x7e]/R"; http_header_names; content:"|0d 0a|Host|0d 0a|Content-length|0d 0a|"; depth:24; content:!"User-Agent|0d 0a|"; content:!"Content-Type|0d 0a|"; content:!"Referer|0d 0a|"; content:!"Accept"; classtype:attempted-admin; sid:2023075; rev:3; metadata:affected_product Fortigate, attack_target Server, created_at 2016_08_17, deployment Datacenter, performance_impact Low, signature_severity Major, updated_at 2020_11_05;)

Added 2020-11-05 18:35:57 UTC


# sid 2023075 rev 3 (metadata updated_at 2020_03_05): inbound POST to the 6-byte URI "/index".
# Matches, in the http_start buffer, "Content-length: 0" followed directly by the APSCOOKIE cookie, where
# a byte outside 0x20-0x7e appears after at most four base64-alphabet characters of the Payload value.
# In the http_header_names buffer, Host and Content-length must be the first two header names (depth:24 is
# the exact pattern length) and User-Agent, Content-Type, Referer and "Accept" must not appear.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Equation Group EGREGIOUSBLUNDER Fortigate Exploit Attempt"; flow:established,to_server; urilen:6; content:"POST"; http_method; content:"/index"; http_uri; http_start; content:"Content-length|3a 20|0|0d 0a|Cookie|3a 20|APSCOOKIE=Era=0&Payload="; fast_pattern; pcre:"/^[A-Za-z0-9+/]{0,4}?[^\x20-\x7e]/R"; http_header_names; content:"|0d 0a|Host|0d 0a|Content-length|0d 0a|"; depth:24; content:!"User-Agent|0d 0a|"; content:!"Content-Type|0d 0a|"; content:!"Referer|0d 0a|"; content:!"Accept"; classtype:attempted-admin; sid:2023075; rev:3; metadata:affected_product Fortigate, attack_target Server, created_at 2016_08_17, deployment Datacenter, performance_impact Low, signature_severity Major, updated_at 2020_03_05;)

Added 2020-08-05 19:12:26 UTC


# sid 2023075 rev 3: inbound POST to the 6-byte URI "/index" using the http_start and http_header_names
# sticky buffers. The request must carry "Content-length: 0" directly followed by
# "Cookie: APSCOOKIE=Era=0&Payload=", with a non-printable byte (outside 0x20-0x7e) within the first five
# bytes of the Payload value, and a header-name list that starts with Host, Content-length and contains
# none of User-Agent, Content-Type, Referer or "Accept".
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Equation Group EGREGIOUSBLUNDER Fortigate Exploit Attempt"; flow:established,to_server; urilen:6; content:"POST"; http_method; content:"/index"; http_uri; http_start; content:"Content-length|3a 20|0|0d 0a|Cookie|3a 20|APSCOOKIE=Era=0&Payload="; fast_pattern; pcre:"/^[A-Za-z0-9+/]{0,4}?[^\x20-\x7e]/R"; http_header_names; content:"|0d 0a|Host|0d 0a|Content-length|0d 0a|"; depth:24; content:!"User-Agent|0d 0a|"; content:!"Content-Type|0d 0a|"; content:!"Referer|0d 0a|"; content:!"Accept"; classtype:attempted-admin; sid:2023075; rev:3; metadata:affected_product Fortigate, attack_target Server, deployment Datacenter, signature_severity Major, created_at 2016_08_17, performance_impact Low, updated_at 2020_03_05;)

Added 2020-03-05 19:36:42 UTC


# sid 2023075 rev 2: inbound POST to the 6-byte URI "/index", written with http_header content modifiers.
# Header buffer: must begin with "Host: " (depth:6) and contain "Content-length: 0\r\n" after it
#   (distance:0); the /H pcre additionally requires Content-length to be the header line directly after
#   Host. "User-Agent:", "Content-Type:", "Referer:" and the string "Accept" must not appear in the headers.
# Raw payload: "Content-length: 0\r\nCookie: APSCOOKIE=Era=0&Payload=" (51 bytes); fast_pattern:31,20 hands
#   only its last 20 bytes, "OOKIE=Era=0&Payload=", to the prefilter.
# pcre /R (relative to that payload match): 0-4 base64-alphabet characters, then one byte outside 0x20-0x7e.
# NOTE(review): the rule needs the HTTP parser to see the request in cleartext; on an interface served
#   only over HTTPS it presumably fires only behind TLS inspection - confirm against sensor placement.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Equation Group EGREGIOUSBLUNDER Fortigate Exploit Attempt"; flow:established,to_server; urilen:6; content:"POST"; http_method; content:"/index"; http_uri; content:!"User-Agent|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; content:"Host|3a 20|"; depth:6; http_header; content:"Content-length|3a 20|0|0d 0a|"; distance:0; http_header; content:"Content-length|3a 20|0|0d 0a|Cookie|3a 20|APSCOOKIE=Era=0&Payload="; fast_pattern:31,20; pcre:"/^[A-Za-z0-9+/]{0,4}?[^\x20-\x7e]/R"; pcre:"/^Host\x3a[^\r\n]+?\r\nContent-length/H"; classtype:attempted-admin; sid:2023075; rev:2; metadata:affected_product Fortigate, attack_target Server, deployment Datacenter, signature_severity Major, created_at 2016_08_17, performance_impact Low, updated_at 2016_08_17;)

Added 2018-09-13 19:52:47 UTC


Added 2018-09-13 18:01:03 UTC


# sid 2023075 rev 2: inbound POST to the 6-byte URI "/index". The header buffer must start with "Host: "
# and have Content-length as the next header line (/H pcre), with "Content-length: 0"; it must not contain
# "User-Agent:", "Content-Type:", "Referer:" or "Accept". The raw payload must contain
# "Content-length: 0\r\nCookie: APSCOOKIE=Era=0&Payload=" followed (pcre /R) by at most four
# base64-alphabet characters and then a byte outside 0x20-0x7e.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Equation Group EGREGIOUSBLUNDER Fortigate Exploit Attempt"; flow:established,to_server; urilen:6; content:"POST"; http_method; content:"/index"; http_uri; content:!"User-Agent|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; content:"Host|3a 20|"; depth:6; http_header; content:"Content-length|3a 20|0|0d 0a|"; distance:0; http_header; content:"Content-length|3a 20|0|0d 0a|Cookie|3a 20|APSCOOKIE=Era=0&Payload="; fast_pattern:31,20; pcre:"/^[A-Za-z0-9+/]{0,4}?[^\x20-\x7e]/R"; pcre:"/^Host\x3a[^\r\n]+?\r\nContent-length/H"; classtype:attempted-admin; sid:2023075; rev:2; metadata:affected_product Fortigate, attack_target Server, deployment Datacenter, signature_severity Major, created_at 2016_08_17, performance_impact Low, updated_at 2016_08_17;)

Added 2017-08-07 21:18:07 UTC


# sid 2023075 rev 2, without a metadata keyword: inbound POST to the 6-byte URI "/index".
# Header checks (http_header): starts with "Host: ", Content-length is the next header line and equals 0,
# and none of "User-Agent:", "Content-Type:", "Referer:" or "Accept" is present.
# Payload check: "Cookie: APSCOOKIE=Era=0&Payload=" directly after "Content-length: 0", with a byte outside
# 0x20-0x7e within the first five bytes of the Payload value (pcre /R).
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Equation Group EGREGIOUSBLUNDER Fortigate Exploit Attempt"; flow:established,to_server; urilen:6; content:"POST"; http_method; content:"/index"; http_uri; content:!"User-Agent|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; content:"Host|3a 20|"; depth:6; http_header; content:"Content-length|3a 20|0|0d 0a|"; distance:0; http_header; content:"Content-length|3a 20|0|0d 0a|Cookie|3a 20|APSCOOKIE=Era=0&Payload="; fast_pattern:31,20; pcre:"/^[A-Za-z0-9+/]{0,4}?[^\x20-\x7e]/R"; pcre:"/^Host\x3a[^\r\n]+?\r\nContent-length/H"; classtype:attempted-admin; sid:2023075; rev:2;)

Added 2016-08-17 17:22:05 UTC

