# sid 2015616, rev 3. Alerts on the literal bytes "<!-- DOCHTMLhttp://" (|3c| is "<", |3a| is ":")
# in established server-to-client traffic (flow:established,from_server) from $EXTERNAL_NET to $HOME_NET.
# Per the msg, this is a C&C directive carried inside an HTML comment of a server response.
# The "http" protocol keyword in the header makes the match port-independent (any -> any).
# The content match has no nocase modifier, so it is case-sensitive.
# NOTE(review): no sticky buffer precedes the content keyword, so the match presumably runs on the
# raw stream rather than the decoded response body; a gzip-compressed response would then not
# present these bytes. Confirm against the deployed engine, and whether file_data is appropriate.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN DOCHTML C&C http directive in HTML comments"; flow:established,from_server; content:"|3c|!-- DOCHTMLhttp|3a|//"; reference:url,blog.accuvantlabs.com/blog/dgrif/anatomy-targeted-attack; classtype:trojan-activity; sid:2015616; rev:3; metadata:created_at 2012_08_10, updated_at 2012_08_10;)

Added 2017-08-07 21:09:13 UTC


# sid 2015616, rev 2 (earlier revision of the same signature; rev 3 appears above on this page).
# Same content match as rev 3: the literal bytes "<!-- DOCHTMLhttp://", case-sensitive, in
# established server-to-client traffic.
# The header is "tcp" with the source port restricted to $HTTP_PORTS, so a response served from a
# port outside that variable is not inspected by this revision.
# This revision carries no metadata keyword.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN DOCHTML C&C http directive in HTML comments"; flow:established,from_server; content:"|3c|!-- DOCHTMLhttp|3a|//"; reference:url,blog.accuvantlabs.com/blog/dgrif/anatomy-targeted-attack; classtype:trojan-activity; sid:2015616; rev:2;)

Added 2012-08-30 16:53:41 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN DOCHTML C&C http directive in HTML comments"; flow:established,from_server; content:"
