EmergingThreats> Main Web>2014822 (2014-09-15, TWikiGuest) EditAttach

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible SKyWIper?/Win32.Flame POST"; flow:to_server,established; content:"POST"; http_method; nocase; content:"/wp-content/rss.php"; http_uri; content:"UNIQUE_NUMBER="; depth:14; fast_pattern; http_client_body; content:"&PASSWORD="; distance:0; http_client_body; content:"&ACTION="; distance:0; http_client_body; reference:url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/; classtype:trojan-activity; sid:2014822; rev:6;)

Added 2014-09-15 18:30:50 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible SKyWIper?/Win32.Flame POST"; flow:to_server,established; content:"POST"; http_method; nocase; content:"/wp-content/rss.php"; http_uri; content:"UNIQUE_NUMBER="; depth:14; fast_pattern; http_client_body; content:"&PASSWORD="; distance:0; http_client_body; content:"&ACTION="; distance:0; http_client_body; reference:url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/; classtype:trojan-activity; sid:2014822; rev:5;)

Added 2012-05-30 18:24:15 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible SKyWIper? POST"; flow:to_server,established; content:"POST"; http_method; nocase; content:"/wp-content/rss.php"; http_uri; content:"UNIQUE_NUMBER="; depth:14; fast_pattern; http_client_body; content:"&PASSWORD="; distance:0; http_client_body; content:"&ACTION="; distance:0; http_client_body; reference:url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/; classtype:trojan-activity; sid:2014822; rev:4;)

Added 2012-05-30 00:23:04 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2014-09-15 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats