##alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Font File Download (64-bit Host) Dec 11 2012"; flow:to_server,established; content:"/64s_font.eot"; http_uri; classtype:trojan-activity; sid:2015816; rev:4;)

Added 2015-01-26 17:20:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CoolEK? Font File Download (64-bit Host) 10/17/12"; flow:to_server,established; content:"/64size_font.eot"; http_uri; classtype:trojan-activity; sid:2015816; rev:1;)

Added 2012-10-18 01:34:53 UTC


Topic revision: r1 - 2015-01-26 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats