# Purpose: flags client-to-server HTTP requests from $HOME_NET to $EXTERNAL_NET whose headers carry
# the three markers this signature attributes to a "Matahari client" (per msg; classtype trojan-activity):
#   1. the literal header line "Accept-Encoding: identity" followed by CRLF,
#   2. the string "Next-Polling",
#   3. the string "Content-Salt: ".
# All three content matches are bound to the HTTP header buffer and carry no relative modifiers,
# so the order of the headers does not matter.
# The pcre (H = HTTP header buffer, i = case-insensitive) further requires the Content-Salt value to
# consist only of digits, dots and hyphens up to the terminating CRLF.
# "alert http ... any -> ... any" is Suricata syntax: matching relies on application-layer protocol
# detection rather than on a destination port list.
# NOTE(review): the content matches have no nocase, so they are case-sensitive although the pcre is
# not; a request with differently-cased header names would not alert. Confirm that this is intended.
# NOTE(review): this entry is rev:9 but is dated later than the rev:11 entries on this page;
# presumably it belongs to a separate engine-specific branch. Confirm before comparing revisions.
# Triage: "Accept-Encoding: identity" on its own is sent by ordinary HTTP clients; the specificity
# comes from the Next-Polling / Content-Salt pair. The rule only sees cleartext HTTP unless TLS is
# decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept|2d|Encoding|3a 20|identity|0d 0a|"; http_header; content:"Next|2d|Polling"; http_header; content:"Content|2d|Salt|3a| "; http_header; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/Hi"; reference:url,doc.emergingthreats.net/2010795; classtype:trojan-activity; sid:2010795; rev:9;)

Added 2015-04-15 21:01:47 UTC


# Purpose: flags client-to-server traffic on established TCP sessions from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS whose HTTP headers contain "Accept-Encoding: identity",
# "Next-Polling" and "Content-Salt: " (msg: "Matahari client"; classtype trojan-activity).
# The three content matches are bound to the HTTP header buffer and are not relative to each
# other, so header order does not matter. The pcre (H = header buffer, i = case-insensitive)
# requires the Content-Salt value to be only digits, dots and hyphens up to CRLF.
# Unlike the "alert http" entry on this page, "Accept-Encoding: identity" is matched here
# without a trailing CRLF, so any value that merely starts with "identity" also satisfies it.
# Coverage limit: only destination ports listed in $HTTP_PORTS are inspected; the same headers
# sent to any other port will not alert.
# NOTE(review): the content matches have no nocase and are therefore case-sensitive, while the
# pcre is case-insensitive. Confirm whether differently-cased header names should be covered.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept-Encoding|3a| identity"; http_header; content:"Next|2d|Polling"; http_header; content:"Content|2d|Salt|3a| "; http_header; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/Hi"; reference:url,doc.emergingthreats.net/2010795; classtype:trojan-activity; sid:2010795; rev:11;)

Added 2011-10-12 19:30:37 UTC


# Purpose: rev:11 of the "Matahari client" signature. Alerts on client-to-server traffic from
# $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS whose HTTP header buffer contains
# "Accept-Encoding: identity", "Next-Polling" and "Content-Salt: ", with the Content-Salt value
# limited by the pcre to digits, dots and hyphens up to CRLF.
# The detection keywords match the other rev:11 entry on this page; only the position of
# classtype relative to reference differs, which does not affect matching.
# Coverage limit: traffic to ports outside $HTTP_PORTS is not inspected by this rule.
# NOTE(review): the content matches are case-sensitive (no nocase) while the pcre uses /i.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept-Encoding|3a| identity"; http_header; content:"Next|2d|Polling"; http_header; content:"Content|2d|Salt|3a| "; http_header; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/Hi"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010795; sid:2010795; rev:11;)

Added 2011-09-14 22:43:47 UTC


# Purpose: rev:11 of the "Matahari client" signature as published with an additional cvsweb
# reference URL. Alerts on client-to-server traffic from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS whose HTTP header buffer contains "Accept-Encoding: identity", "Next-Polling" and
# "Content-Salt: "; the pcre (H = header buffer, i = case-insensitive) requires the Content-Salt
# value to be only digits, dots and hyphens up to CRLF.
# The content matches are independent of each other (no distance/within), so header order is
# not significant in this revision.
# Coverage limit: traffic to ports outside $HTTP_PORTS is not inspected by this rule.
# NOTE(review): the content matches are case-sensitive (no nocase) while the pcre uses /i.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept-Encoding|3a| identity"; http_header; content:"Next|2d|Polling"; http_header; content:"Content|2d|Salt|3a| "; http_header; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/Hi"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010795; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Matahari; sid:2010795; rev:11;)

Added 2011-02-04 17:30:27 UTC


# Purpose: rev:4 of the "Matahari client" signature. Alerts on client-to-server traffic from
# $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS that contains, in this order:
#   1. "Accept-Encoding: identity" followed by CRLF,
#   2. a "Content-Salt: " line whose value is only digits, dots and hyphens up to CRLF
#      (pcre flag R = searched relative to the end of the previous match, i = case-insensitive),
#   3. "Next-Polling" somewhere after the pcre match (distance:0).
# No keyword in this revision is bound to the HTTP header buffer, so matching is done against
# the payload and depends on the order in which the client emits the headers. A request that
# sends the same headers in a different order will not alert; the rev:11 entries on this page
# use independent http_header matches instead.
# Coverage limit: traffic to ports outside $HTTP_PORTS is not inspected by this rule.
# NOTE(review): the content matches are case-sensitive (no nocase) while the pcre uses /i.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept|2d|Encoding|3a 20|identity|0d 0a|"; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/iR"; content:"Next|2d|Polling"; distance:0; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010795; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Matahari; sid:2010795; rev:4;)

Added 2010-02-15 16:16:04 UTC


# Purpose: second listing of rev:4 of the "Matahari client" signature; it carries the same
# timestamp and the same text as the other rev:4 entry on this page.
# Match sequence, all against the payload because no keyword is bound to an HTTP buffer:
# "Accept-Encoding: identity" + CRLF, then (pcre /R, relative) a "Content-Salt: " value made of
# digits, dots and hyphens up to CRLF, then "Next-Polling" after that match (distance:0).
# The chain is order-dependent: the same headers emitted in another order will not alert.
# Coverage limit: traffic to ports outside $HTTP_PORTS is not inspected by this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept|2d|Encoding|3a 20|identity|0d 0a|"; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/iR"; content:"Next|2d|Polling"; distance:0; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010795; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Matahari; sid:2010795; rev:4;)

Added 2010-02-15 16:16:04 UTC


# Purpose: rev:3 of the "Matahari client" signature. Alerts on client-to-server traffic from
# $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS containing "Accept-Encoding: identity" + CRLF, then
# (pcre /R, relative to the previous match, case-insensitive) a "Content-Salt: " value made of
# digits, dots and hyphens up to CRLF, then "Next-Polling".
# NOTE(review): "Next-Polling" is given both distance:0 (relative to the preceding match) and
# http_header, while the preceding content and pcre are not bound to the header buffer. A
# relative offset across two different buffers is ambiguous; the rev:4 entries on this page
# drop http_header from this keyword. Confirm engine behaviour before reusing this revision.
# The chain is order-dependent, so the same headers emitted in another order will not alert.
# Coverage limit: traffic to ports outside $HTTP_PORTS is not inspected by this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept|2d|Encoding|3a 20|identity|0d 0a|"; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/iR"; content:"Next|2d|Polling"; distance:0; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010795; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Matahari; sid:2010795; rev:3;)

Added 2010-02-15 11:58:41 UTC


# Purpose: second listing of rev:3 of the "Matahari client" signature; it carries the same
# timestamp and the same text as the other rev:3 entry on this page.
# Match sequence: "Accept-Encoding: identity" + CRLF, then (pcre /R) a "Content-Salt: " value of
# digits, dots and hyphens up to CRLF, then "Next-Polling" with distance:0 and http_header.
# NOTE(review): distance:0 combined with http_header on the last content mixes a relative
# offset with a different inspection buffer than the preceding matches use. Confirm how the
# target engine evaluates this before relying on it.
# Coverage limit: traffic to ports outside $HTTP_PORTS is not inspected by this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept|2d|Encoding|3a 20|identity|0d 0a|"; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/iR"; content:"Next|2d|Polling"; distance:0; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010795; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Matahari; sid:2010795; rev:3;)

Added 2010-02-15 11:58:41 UTC


# Purpose: rev:2 of the "Matahari client" signature. Alerts on client-to-server traffic from
# $HOME_NET to $EXTERNAL_NET on destination port 80 containing "Accept-Encoding: identity" +
# CRLF, then (pcre /R, relative, case-insensitive) a "Content-Salt: " value made of digits,
# dots and hyphens up to CRLF, then "Next-Polling" (distance:0; http_header).
# Coverage limit: the destination port is hard-coded to 80, so the same traffic on any other
# port is not inspected; later revisions on this page use $HTTP_PORTS instead.
# NOTE(review): distance:0 together with http_header on "Next-Polling" mixes a relative offset
# with a different buffer than the preceding payload matches. Confirm engine behaviour.
# The chain is order-dependent, so the same headers emitted in another order will not alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept|2d|Encoding|3a 20|identity|0d 0a|"; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/iR"; content:"Next|2d|Polling"; distance:0; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010795; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Matahari; sid:2010795; rev:2;)

Added 2010-02-15 10:46:51 UTC


# Purpose: earliest listing on this page of the "Matahari client" signature (rev:2). The rule
# text matches the other rev:2 entry; only the "Added" timestamp differs.
# Alerts on client-to-server traffic from $HOME_NET to $EXTERNAL_NET on destination port 80
# containing "Accept-Encoding: identity" + CRLF, then (pcre /R) a "Content-Salt: " value of
# digits, dots and hyphens up to CRLF, then "Next-Polling" (distance:0; http_header).
# Coverage limit: only port 80 is inspected; the match chain is also order-dependent.
# NOTE(review): distance:0 together with http_header on "Next-Polling" mixes a relative offset
# with a different buffer than the preceding payload matches. Confirm engine behaviour.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET ATTACK_RESPONSE Matahari client"; flow:to_server,established; content:"Accept|2d|Encoding|3a 20|identity|0d 0a|"; pcre:"/Content\x2dSalt\x3a\x20[0-9\.\-]+\x0d\x0a/iR"; content:"Next|2d|Polling"; distance:0; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010795; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Matahari; sid:2010795; rev:2;)

Added 2010-02-15 10:44:44 UTC


Topic revision: r1 - 2015-04-16 - TWikiGuest
 