ET DELETED DustySky Checkin

SID: 2021918Rev: 70 views
History
Sourceet/open
CreatedOctober 6, 2015
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:7; metadata:created_at 2015_10_06, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

md5
07fd870e4ea8dd6b9503a956b5bb47f3
Google SearchBrave Search

Metadata

created at2015_10_06
signature severityUnknown
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!