[Snort-sigs] Proposed Signature - "COMMUNITY SPECIFIC-THREATS - Bredolab infected asset POSTing check-in"

Community Proposed lists at ...3397...
Mon Mar 12 10:16:37 EDT 2012


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"COMMUNITY SPECIFIC-THREATS - Bredolab infected asset POSTing check-in"; flow:to_server,established; content:"POST"; http_method; content:"User-Agent: Mozilla/4.0|0d 0a|Host: "; http_header; file_data; content:"smk="; pcre:"/^smk=[^&\?]+/"; classtype:trojan-activity; sid:x; rev:1;)




