alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Tech Support Scam Landing M1 2019-04-15"; flow:established,from_server; content:"200"; http_stat_code; file_data; content:"alert|28 22|Windows|20|Firewall|20|has|20|detected|20|that|20|your|20|Windows"; fast_pattern; content:"system|20|files|20|are|20|automatically|20|deleted"; distance:0; within:200; content:"Please|20|follow|20|the|20|instructions"; distance:0; within:200; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2027197; rev:2; metadata:tag Tech_Support_Scam, tag Malvertising, created_at 2019_04_15, updated_at 2019_04_15;)

Added 2019-08-16 19:27:25 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Tech Support Scam Landing M1 2019-04-15"; flow:established,from_server; content:"200"; http_stat_code; file_data; content:"alert|28 22|Windows|20|Firewall|20|has|20|detected|20|that|20|your|20|Windows"; fast_pattern; content:"system|20|files|20|are|20|automatically|20|deleted"; distance:0; within:200; content:"Please|20|follow|20|the|20|instructions"; distance:0; within:200; metadata: former_category CURRENT_EVENTS; classtype:trojan-activity; sid:2027197; rev:1; metadata:tag Tech_Support_Scam, tag Malvertising, created_at 2019_04_15, updated_at 2019_04_15;)

Added 2019-04-15 19:06:46 UTC


Topic revision: r1 - 2019-08-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats