# sid 2017259, rev 13 (current). Alerts on an established client-to-server HTTP
# request from $HOME_NET to $EXTERNAL_NET when all of the following hold:
#   - the method contains "POST" and the URI contains ".php";
#   - the User-Agent contains " MSIE " (written |20|MSIE|20|);
#   - the request body holds at least one byte in 0x80-0xff (pcre flag P = request body);
#   - the header-name list does not contain "Referer";
#   - the Content-Type contains "www-form-urlencoded".
# http_method, http_uri and http_user_agent modify the content before them, while
# http_header_names and http_content_type are sticky buffers that scope the content after them.
# Apart from the rev number, the only changes from rev 12 on this page are fast_pattern
# on the User-Agent content and the updated_at value.
# NOTE(review): ".php" is not anchored to the end of the path, so it also matches in a
# query string or mid-path, which is broader than the msg text suggests.
# NOTE(review): this is a generic heuristic with no family-specific content. It presumably
# relies on form-encoded bodies normally being percent-encoded ASCII, so treat hits as
# triage leads and expect to tune for legacy IE applications that post raw non-ASCII bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic - POST To .php w/Extended ASCII Characters"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"|20|MSIE|20|"; http_user_agent; fast_pattern; pcre:"/[\x80-\xff]/P"; http_header_names; content:!"Referer"; http_content_type; content:"www-form-urlencoded"; classtype:trojan-activity; sid:2017259; rev:13; metadata:created_at 2013_07_31, updated_at 2019_06_03;)

Added 2019-06-03 18:23:57 UTC


# sid 2017259, rev 12 (superseded by rev 13 above). The match logic is the same as rev 13
# but without fast_pattern, so the engine picks the prefilter pattern itself.
# Compared with rev 11 on this page, the Referer and Content-Type checks moved from raw
# http_header content matches to the http_header_names and http_content_type buffers.
# The "|3a|" and "|0d 0a|" delimiters were dropped from those patterns, and " MSIE " is now
# written as |20|MSIE|20|.
# NOTE(review): updated_at still reads 2013_07_31 although this revision was added in 2018,
# so the metadata date does not indicate how recent this revision is.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic - POST To .php w/Extended ASCII Characters"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"|20|MSIE|20|"; http_user_agent; pcre:"/[\x80-\xff]/P"; http_header_names; content:!"Referer"; http_content_type; content:"www-form-urlencoded"; classtype:trojan-activity; sid:2017259; rev:12; metadata:created_at 2013_07_31, updated_at 2013_07_31;)

Added 2018-09-13 19:47:27 UTC


Added 2018-09-13 17:57:55 UTC


# sid 2017259, rev 11 (superseded). This is the first revision on this page to use the
# "http" app-layer protocol with destination port "any" instead of tcp/$HTTP_PORTS,
# so it matches wherever the engine identifies HTTP rather than on a fixed port list.
# Absence of "Referer:" and presence of "www-form-urlencoded\r\n" are both checked
# against the raw header block (http_header).
# The " MSIE " check is scoped to the User-Agent value (http_user_agent) instead of the
# whole header block as in rev 9.
# pcre flag P requires at least one byte in 0x80-0xff in the request body.
# NOTE(review): updated_at reads 2013_07_31 although this revision was added in 2017.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic - POST To .php w/Extended ASCII Characters"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:!"Referer|3a|"; http_header; content:"www-form-urlencoded|0d 0a|"; http_header; content:" MSIE "; http_user_agent; pcre:"/[\x80-\xff]/P"; classtype:trojan-activity; sid:2017259; rev:11; metadata:created_at 2013_07_31, updated_at 2013_07_31;)

Added 2017-08-07 21:11:08 UTC


# sid 2017259, rev 9 (oldest revision shown; superseded). This is a TCP rule limited to
# destination ports in $HTTP_PORTS, so HTTP on ports outside that variable is not
# evaluated by this revision.
# All three header conditions are matched against the raw header block (http_header):
# no "Referer:", a line ending "www-form-urlencoded\r\n", and " MSIE ".
# " MSIE " can therefore match in any header, not only User-Agent.
# pcre flag P requires at least one byte in 0x80-0xff in the request body.
# This revision carries no metadata keyword.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic - POST To .php w/Extended ASCII Characters"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:!"Referer|3a|"; http_header; content:"www-form-urlencoded|0d 0a|"; http_header; content:" MSIE "; http_header; pcre:"/[\x80-\xff]/P"; classtype:trojan-activity; sid:2017259; rev:9;)

Added 2013-07-31 18:43:51 UTC

