alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command"; flow: established,to_client; content:"200"; http_stat_code; content:"<?xml"; depth:5; http_server_body; content:"|22|JScript|22|>

Added 2020-11-16 19:08:24 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command"; flow: established,to_client; content:"200"; http_stat_code; content:"<?xml"; depth:5; http_server_body; content:"|22|JScript|22|>

Added 2020-08-05 19:14:40 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command"; flow: established,to_client; content:"200"; http_stat_code; content:"<?xml"; depth:5; http_server_body; content:"|22|JScript|22|>

Added 2020-04-15 18:43:12 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command"; flow: established,to_client; content:"200"; http_stat_code; content:"<?xml"; depth:5; http_server_body; content:"|22|JScript|22|>

Added 2018-09-13 19:54:42 UTC


Added 2018-09-13 18:02:09 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command"; flow: established,to_client; content:"200"; http_stat_code; content:"<?xml"; depth:5; http_server_body; content:"|22|JScript|22|>

Added 2018-05-03 18:32:45 UTC


Topic revision: r1 - 2020-11-17 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats