ET WEB_CLIENT Malicious Redirect n.php h=*&s=* - Suricata Rule 2015669 (et/open)

ET WEB_CLIENT Malicious Redirect n.php h=&s=

SID: 2015669Rev: 110 viewsHistory

Sourceet/open

CreatedAugust 23, 2012

UpdatedFebruary 19, 2024

Classificationattempted-user

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Malicious Redirect n.php h=*&s=*"; flow:established,to_server; http.uri; content:"/n.php?h="; fast_pattern; content:"&s="; pcre:"/\/n\.php\?h=\w*?&s=\w{1,5}$/i"; http.host; content:".rr.nu"; endswith; reference:url,0xicf.wordpress.com/category/security-updates/; reference:url,urlquery.net/report.php?id=111302; classtype:attempted-user; sid:2015669; rev:11; metadata:created_at 2012_08_23, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_19;)

References

url	0xicf.wordpress.com/category/security-updates/
url	urlquery.net/report.php?id=111302

Metadata

created at2012_08_23

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2024_02_19

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!