Rule History

SID: 2021752 • Source: et/open

Versions (3)

Version Details • Current

Rev: 14 • Sep 9, 2015, 12:00 PM

ET DELETED SUSPICIOUS Likely Neutrino EK or other EK IE Flash request to DYNDNS set non-standard filename

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SUSPICIOUS Likely Neutrino EK or other EK IE Flash request to DYNDNS set non-standard filename"; flow:established,to_server; content:"x-flash-version|3a|"; http_header; fast_pattern:only; pcre:"/^Host\x3a\x20[^\r\n]+\.(?:d(?:yndns\.[a-z]{2,3}|esi)|c(?:ricket|a?fe?)|(?:lin|wor)k|s(?:u|pace)|accountant|t(?:k|op)|g[aq]|xyz|ml|pw)(?:\x3a\d{1,5})?\r$/Hmi"; content:!"/crossdomain.xml"; http_header; content:!".swf"; http_header; nocase; content:!".flv"; http_header; nocase; content:!"[DYNAMIC]"; http_header; content:!".swf"; nocase; http_uri; content:!".flv"; nocase; http_uri; content:!"/crossdomain.xml"; http_uri; content:!"|0d 0a|Cookie|3a|"; classtype:exploit-kit; sid:2021752; rev:14; metadata:created_at 2015_09_09, signature_severity Unknown, updated_at 2019_07_26;)

Sep 9, 2015, 12:00 PM

Jul 26, 2019, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-deleted.rules