alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Spelevo VBS Payload Downloaded"; flow:established,to_server; content:"POST"; http_method; content:"&00000111&11"; http_uri; fast_pattern; isdataat:!1,relative; http_header_names; content:"|0d 0a|Host|0d 0a|Content-Length|0d 0a|Cache-Control|0d 0a|Cookie|0d 0a 0d 0a|"; depth:49; http_content_len; content:"0"; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2028865; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Spelevo_EK, signature_severity Major, created_at 2019_10_18, malware_family Spelevo_EK, updated_at 2019_11_15;)

Added 2019-11-15 18:58:45 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Spelevo VBS Payload Downloaded"; flow:established,to_server; content:"POST"; http_method; content:"p&00000111&11"; http_uri; fast_pattern; isdataat:!1,relative; http_header_names; content:"|0d 0a|Host|0d 0a|Content-Length|0d 0a|Cache-Control|0d 0a|Cookie|0d 0a 0d 0a|"; depth:49; http_content_len; content:"0"; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2028865; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Spelevo_EK, signature_severity Major, created_at 2019_10_18, malware_family Spelevo_EK, updated_at 2019_10_18;)

Added 2019-10-18 19:55:31 UTC


Topic revision: r1 - 2019-11-15 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats