# Retired form of sid:2014221. The leading '#' comments the rule out, so an engine
# reading this line does not load it, and the msg prefix reads "ET DELETED".
# Apart from that prefix and the '#', the rule text matches the "ET TROJAN" listing
# of the same sid shown on this page.
# NOTE(review): both listings carry rev:2, so sid:rev alone does not tell the active
# form from the retired one here. Compare the msg text or the enabled state when
# auditing which form a sensor is running.
#alert tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET DELETED Unknown HTTP CnC? Checkin"; flow:established,to_server; content:"POST "; depth:5; content:".ru|3a|8080|0D 0A|"; fast_pattern; pcre:"/Host\x3a\s[a-z]{16}\.ru/"; classtype:trojan-activity; sid:2014221; rev:2;)

Added 2012-03-20 17:59:14 UTC


# sid:2014221 rev:2 - alerts on a suspected HTTP C2 check-in from a $HOME_NET host to
# $EXTERNAL_NET on TCP/8080, client-to-server, on established sessions only.
# The "Unknown ... CnC?" wording in msg suggests the family was not identified, so
# treat a hit as a lead to corroborate rather than a confirmed infection.
# Match logic (no http_* buffer modifiers are used, so the options inspect the raw payload):
#   content:"POST "; depth:5      - the bytes "POST " within the first 5 payload bytes
#   content:".ru|3a|8080|0D 0A|"  - ".ru:8080" followed by CRLF; designated fast_pattern
#   pcre                          - "Host:", one whitespace character, exactly 16
#                                   lowercase a-z letters, then ".ru"
# Coverage notes for triage and tuning:
#   - The pcre has no relative (R) modifier, so it is not positionally tied to the
#     ".ru:8080" content match. The two can be satisfied by different parts of the payload.
#   - Nothing is required after ".ru" in the pcre. Only the separate content match
#     implies the name ends at ":8080".
#   - No nocase or /i is set, so all three matches are case-sensitive.
#   - Only destination port 8080 is inspected.
#   - NOTE(review): 16 random-looking lowercase letters under .ru looks like an
#     algorithmically generated hostname. That is an inference from the pattern and
#     is not stated on the page. Confirm against DNS or proxy logs for the alerting host.
alert tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Unknown HTTP CnC? Checkin"; flow:established,to_server; content:"POST "; depth:5; content:".ru|3a|8080|0D 0A|"; fast_pattern; pcre:"/Host\x3a\s[a-z]{16}\.ru/"; classtype:trojan-activity; sid:2014221; rev:2;)

Added 2012-02-14 13:47:27 UTC


Topic revision: r1 - 2012-03-20 - TWikiGuest
 