ET MALWARE ProxyBox - HTTP CnC - get_servers.php - Suricata Rule 2015506 (et/open)

ET MALWARE ProxyBox - HTTP CnC - get_servers.php

SID: 2015506Rev: 40 viewsHistory

Sourceet/open

CreatedJuly 21, 2012

UpdatedApril 22, 2020

Classificationcommand-and-control

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE ProxyBox - HTTP CnC - get_servers.php"; flow:established,to_server; http.uri; content:"/get_servers.php?"; http.header_names; content:!"User-Agent"; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2; classtype:command-and-control; sid:2015506; rev:4; metadata:created_at 2012_07_21, signature_severity Major, updated_at 2020_04_22;)

References

url	www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2

Metadata

created at2012_07_21

signature severityMajor

updated at2020_04_22

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!