# sid:2014221 rev:3 -- reference copy only: the rule is commented out and its msg carries the "ET DELETED" prefix.
# Logic: HTTP POST (http_method buffer) from $HOME_NET to $EXTERNAL_NET port 8080 whose http_header buffer
# contains ".ru:8080" followed by CR LF (|3a| is ':', |0D 0A| is CR LF). That content is the fast_pattern.
# The pcre then requires "Host:", one whitespace character, exactly 16 lowercase letters and ".ru";
# the /H flag evaluates it against the HTTP header buffer instead of the raw stream.
# NOTE(review): the pcre is not anchored after ".ru" and is not tied to the content match, so the two
# can be satisfied at different places in the headers -- confirm this is acceptable before re-enabling.
# NOTE(review): this is a hostname-shape heuristic (the msg itself says "Unknown ... CnC?"); any benign host
# with a 16-letter .ru name on port 8080 would alert, so corroborate hits with other evidence during triage.
#alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET DELETED Unknown HTTP CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".ru|3a|8080|0D 0A|"; http_header; fast_pattern; pcre:"/Host\x3a\s[a-z]{16}\.ru/H"; classtype:trojan-activity; sid:2014221; rev:3; metadata:created_at 2012_02_13, updated_at 2012_02_13;)

Added 2017-08-07 21:07:34 UTC


# sid:2014221 rev:2, disabled copy: commented out, msg prefix "ET DELETED".
# Logic: raw TCP payload match (no HTTP buffers). "POST " must fall within the first 5 bytes (depth:5);
# ".ru:8080" + CR LF (|3a| is ':', |0D 0A| is CR LF) may appear anywhere in the payload and is the fast_pattern;
# the pcre requires "Host:", one whitespace character, exactly 16 lowercase letters and ".ru".
# Neither the contents nor the pcre are case-insensitive (no nocase, no /i), so a differently-cased
# "Host" header name or method would not match.
# NOTE(review): destination port is fixed at 8080 and the pcre is unanchored after ".ru"; treat a hit as a
# lead to corroborate, not as proof of compromise.
#alert tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET DELETED Unknown HTTP CnC? Checkin"; flow:established,to_server; content:"POST "; depth:5; content:".ru|3a|8080|0D 0A|"; fast_pattern; pcre:"/Host\x3a\s[a-z]{16}\.ru/"; classtype:trojan-activity; sid:2014221; rev:2;)

Added 2012-03-20 17:59:14 UTC


# sid:2014221 rev:2, enabled form (msg prefix "ET TROJAN").
# Alerts on established client-to-server TCP traffic from $HOME_NET to $EXTERNAL_NET port 8080 where:
#   - "POST " occurs within the first 5 payload bytes (depth:5),
#   - ".ru:8080" + CR LF occurs in the payload (|3a| is ':', |0D 0A| is CR LF); this is the fast_pattern,
#   - the pcre finds "Host:", one whitespace character, exactly 16 lowercase letters, then ".ru".
# All three checks run on the raw payload and are case-sensitive (no nocase, no /i flag).
# NOTE(review): the match is a hostname-shape heuristic on a single port; the "?" in the msg signals
# low confidence, so expect false positives from benign 16-letter .ru hosts served on 8080.
alert tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Unknown HTTP CnC? Checkin"; flow:established,to_server; content:"POST "; depth:5; content:".ru|3a|8080|0D 0A|"; fast_pattern; pcre:"/Host\x3a\s[a-z]{16}\.ru/"; classtype:trojan-activity; sid:2014221; rev:2;)

Added 2012-02-14 13:47:27 UTC

