alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Blue Bot DDoS? Blog Request"; flow:to_server,established; content:"GET"; http_method; content:"/blog"; http_uri; fast_pattern; content:!"sap.com"; http_host; content:!"User-Agent|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; pcre:"/\/blog$/U"; reference:md5,7d9411f7204782fdbcd0fd0f20956bbc; reference:url,research.zscaler.com/2015/05/rig-exploit-kit-infection-cycle-analysis.html; classtype:trojan-activity; sid:2021129; rev:3; metadata:created_at 2015_05_21, former_category MALWARE, performance_impact Moderate, updated_at 2022_09_09;)

Added 2022-09-09 17:27:37 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Blue Bot DDoS? Blog Request"; flow:to_server,established; content:"GET"; http_method; content:"/blog"; http_uri; fast_pattern; content:!"User-Agent|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; pcre:"/\/blog$/U"; reference:md5,7d9411f7204782fdbcd0fd0f20956bbc; reference:url,research.zscaler.com/2015/05/rig-exploit-kit-infection-cycle-analysis.html; classtype:trojan-activity; sid:2021129; rev:2; metadata:created_at 2015_05_21, updated_at 2015_05_21;)

Added 2018-09-13 19:51:14 UTC


Added 2018-09-13 18:00:05 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Blue Bot DDoS? Blog Request"; flow:to_server,established; content:"GET"; http_method; content:"/blog"; http_uri; fast_pattern; content:!"User-Agent|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; pcre:"/\/blog$/U"; reference:md5,7d9411f7204782fdbcd0fd0f20956bbc; reference:url,research.zscaler.com/2015/05/rig-exploit-kit-infection-cycle-analysis.html; classtype:trojan-activity; sid:2021129; rev:2; metadata:created_at 2015_05_21, updated_at 2015_05_21;)

Added 2017-08-07 21:15:46 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Blue Bot DDoS? Blog Request"; flow:to_server,established; content:"GET"; http_method; content:"/blog"; http_uri; fast_pattern; content:!"User-Agent|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; pcre:"/\/blog$/U"; reference:md5,7d9411f7204782fdbcd0fd0f20956bbc; reference:url,research.zscaler.com/2015/05/rig-exploit-kit-infection-cycle-analysis.html; classtype:trojan-activity; sid:2021129; rev:2;)

Added 2015-05-21 17:44:09 UTC


Topic revision: r1 - 2022-09-09 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats