Versions (3)
Version DetailsCurrent
Rev: 4 • Feb 1, 2014, 12:00 PMET WEB_CLIENT Malicious Redirect 8x8 script tag
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Malicious Redirect 8x8 script tag"; flow:established,from_server; file_data; content:".php?id="; content:"/"; distance:-17; within:1; pcre:"/^[a-z0-9A-Z]*?[A-Z0-9][a-z0-9A-Z]*?\.php\?id=\d{6,9}[\x22\x27]/R"; content:"<script"; nocase; pcre:"/^(?:(?!<\/script>).)*?\ssrc\s*?=\s*?[\x22\x27][^\x22\x27]+?\/[a-z0-9A-Z]{8}\.php\?id=\d{6,9}[\x22\x27]/Rsi"; classtype:trojan-activity; sid:2018053; rev:4; metadata:created_at 2014_02_01, signature_severity Major, updated_at 2019_07_26;)
Feb 1, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Feb 1, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-web_client.rules