alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CritXPack? Payload Request"; flow:established,to_server; content:"/load.php?e="; http_uri; fast_pattern:only; content:"&token="; http_uri; classtype:trojan-activity; sid:2015962; rev:10;)

Added 2013-02-05 17:13:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CritXPack? Payload Request"; flow:established,to_server; content:"/load.php?e=u00"; http_uri; fast_pattern:only; content:"&token=u00"; http_uri; classtype:trojan-activity; sid:2015962; rev:9;)

Added 2012-11-28 18:14:34 UTC


Topic revision: r1 - 2013-02-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats