alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Realtek SDK Miniigd UPnP? SOAP Command Execution CVE-2014-8361 - Outbound"; flow:established,to_server; content:"POST"; http_method; content:"SOAPAction|3a 20|urn|3a|schemas-upnp-org|3a|service|3a|WANIPConnection|3a|"; http_header; fast_pattern; content:"|3c|u|3a|AddPortMapping"; http_client_body; content:"|3c|NewRemoteHost|3e|"; http_client_body; distance:0; content:"|3c|NewInternalClient"; http_client_body; distance:0; content:"|3c 2f|NewInternalClient|3e|"; http_client_body; distance:0; content:"NewEnabled|3e|1"; http_client_body; distance:0; metadata: former_category EXPLOIT; classtype:trojan-activity; sid:2027339; rev:2; metadata:attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2019_05_08, performance_impact Low, updated_at 2019_07_26;)

Added 2019-07-26 18:33:00 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Realtek SDK Miniigd UPnP? SOAP Command Execution CVE-2014-8361 - Outbound"; flow:established,to_server; content:"POST"; http_method; content:"SOAPAction|3a 20|urn|3a|schemas-upnp-org|3a|service|3a|WANIPConnection|3a|"; http_header; fast_pattern; content:"|3c|u|3a|AddPortMapping"; http_client_body; content:"|3c|NewRemoteHost|3e|"; http_client_body; distance:0; content:"|3c|NewInternalClient"; http_client_body; distance:0; content:"|3e 60|"; http_client_body; within:3; content:"|60 3c 2f|NewInternalClient|3e|"; http_client_body; distance:0; content:"NewEnabled|3e|1"; http_client_body; distance:0; metadata: former_category EXPLOIT; classtype:trojan-activity; sid:2027339; rev:1; metadata:attack_target IoT?, deployment Perimeter, signature_severity Major, created_at 2019_05_08, performance_impact Low, updated_at 2019_05_08;)

Added 2019-05-08 19:27:14 UTC



This topic: Main > 2027339
Topic revision: r1 - 2019-07-26 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats