ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (POST) PluginData
Sourceet/open
CreatedAugust 30, 2014
UpdatedMarch 13, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (POST) PluginData"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"pluginid="; fast_pattern; content:"projectid="; content:"seed="; content:"data="; reference:url,www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks; classtype:trojan-activity; sid:2019095; rev:4; metadata:created_at 2014_08_30, signature_severity Major, updated_at 2024_03_13;)
References
Metadata
created at2014_08_30
signature severityMajor
updated at2024_03_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!