# sid:2014822 rev:6 (with metadata keyword). Alerts on an outbound HTTP POST whose URI and
# body match the request shape that the rule name and reference attribute to Flame/sKyWIper.
#
# Match logic, in rule order:
#   - flow:to_server,established -- client-to-server side of an established session,
#     source in $HOME_NET, destination in $EXTERNAL_NET, any port.
#   - "POST" in the http_method buffer (nocase) and "/wp-content/rss.php" in the http_uri buffer.
#   - "UNIQUE_NUMBER=" with depth:14 (the string's own length), so it must be the first
#     bytes of the client body; it is also the fast_pattern used for prefiltering.
#   - "&PASSWORD=" and then "&ACTION=" must follow in that order in the client body
#     (distance:0 = anywhere after the end of the previous match).
#
# Triage: the msg says "Possible". The URI is an ordinary-looking path, so the ordered body
# parameters carry most of the signal; confirm against the destination host and full request body.
# Coverage: only HTTP the sensor can parse in cleartext is inspected, and direction depends
# on $HOME_NET/$EXTERNAL_NET being defined correctly for the monitored network.
# Versioning: the only textual difference from the 2014 entry on this page is the appended
# metadata keyword; sid and rev are unchanged, so tooling that keys on sid:rev sees no update.
# NOTE(review): the "?" after "SKyWIper" in msg looks like a wiki rendering artifact, not
# part of the shipped rule -- confirm against the rule file before matching on alert text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible SKyWIper?/Win32.Flame POST"; flow:to_server,established; content:"POST"; http_method; nocase; content:"/wp-content/rss.php"; http_uri; content:"UNIQUE_NUMBER="; depth:14; fast_pattern; http_client_body; content:"&PASSWORD="; distance:0; http_client_body; content:"&ACTION="; distance:0; http_client_body; reference:url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/; classtype:trojan-activity; sid:2014822; rev:6; metadata:created_at 2012_05_30, updated_at 2012_05_30;)

Added 2017-08-07 21:08:16 UTC


# sid:2014822 rev:6 (no metadata keyword). Alerts on an outbound HTTP POST to
# "/wp-content/rss.php" whose client body starts with "UNIQUE_NUMBER=" (depth:14 equals the
# string length) and then contains "&PASSWORD=" followed by "&ACTION=" (distance:0 keeps the order).
#
# Differences from the rev:5 entry on this page:
#   - Header is "alert http ... any" instead of "alert tcp ... $HTTP_PORTS", so matching no
#     longer depends on the destination port being listed in $HTTP_PORTS; it relies on the
#     engine identifying the stream as HTTP. The "http" header protocol is Suricata syntax.
#   - msg category moved from "ET CURRENT_EVENTS" to "ET TROJAN"; dashboards or filters
#     keyed on the old msg text need updating.
#
# Coverage: TLS-wrapped sessions are not inspected unless decrypted before the sensor.
# Triage: low-specificity URI; weigh the body parameters and the destination host together.
# NOTE(review): the "?" after "SKyWIper" in msg looks like a wiki rendering artifact, not
# part of the shipped rule -- confirm against the rule file before matching on alert text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible SKyWIper?/Win32.Flame POST"; flow:to_server,established; content:"POST"; http_method; nocase; content:"/wp-content/rss.php"; http_uri; content:"UNIQUE_NUMBER="; depth:14; fast_pattern; http_client_body; content:"&PASSWORD="; distance:0; http_client_body; content:"&ACTION="; distance:0; http_client_body; reference:url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/; classtype:trojan-activity; sid:2014822; rev:6;)

Added 2014-09-15 18:30:50 UTC


# sid:2014822 rev:5. Same content matches as the later revisions on this page: POST method,
# URI containing "/wp-content/rss.php", client body starting with "UNIQUE_NUMBER=" and then
# containing "&PASSWORD=" followed by "&ACTION=".
#
# Header is "alert tcp" with destination $HTTP_PORTS: only sessions to ports listed in that
# variable are evaluated, so HTTP on any other port is not covered by this revision.
# The http_method / http_uri / http_client_body buffers also require the engine to be
# parsing the stream as HTTP.
# The only difference from the rev:4 entry on this page is "/Win32.Flame" added to msg.
# NOTE(review): the "?" after "SKyWIper" in msg looks like a wiki rendering artifact, not
# part of the shipped rule -- confirm against the rule file before matching on alert text.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible SKyWIper?/Win32.Flame POST"; flow:to_server,established; content:"POST"; http_method; nocase; content:"/wp-content/rss.php"; http_uri; content:"UNIQUE_NUMBER="; depth:14; fast_pattern; http_client_body; content:"&PASSWORD="; distance:0; http_client_body; content:"&ACTION="; distance:0; http_client_body; reference:url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/; classtype:trojan-activity; sid:2014822; rev:5;)

Added 2012-05-30 18:24:15 UTC


# sid:2014822 rev:4 -- the earliest revision listed on this page.
# Alerts on an established client-to-server TCP session from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS carrying a POST to a URI containing "/wp-content/rss.php", where the client
# body begins with "UNIQUE_NUMBER=" (depth:14 equals the string length; also the
# fast_pattern) and then contains "&PASSWORD=" followed by "&ACTION=" (distance:0).
#
# Coverage: limited to destination ports in $HTTP_PORTS and to HTTP the sensor sees in
# cleartext. msg names only SKyWIper; the rev:5 entry on this page adds "/Win32.Flame".
# NOTE(review): the "?" after "SKyWIper" in msg looks like a wiki rendering artifact, not
# part of the shipped rule -- confirm against the rule file before matching on alert text.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible SKyWIper? POST"; flow:to_server,established; content:"POST"; http_method; nocase; content:"/wp-content/rss.php"; http_uri; content:"UNIQUE_NUMBER="; depth:14; fast_pattern; http_client_body; content:"&PASSWORD="; distance:0; http_client_body; content:"&ACTION="; distance:0; http_client_body; reference:url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/; classtype:trojan-activity; sid:2014822; rev:4;)

Added 2012-05-30 00:23:04 UTC

