ET HUNTING Suspicious User-Agent (C slash)
Sourceet/open
Fileemerging-hunting.rules
CreatedJuly 30, 2010
UpdatedApril 13, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Suspicious User-Agent (C slash)"; flow:established,to_server ; threshold:type limit,count 2,track by_src,seconds 300 ; http.header; content:!"|5c|Citrix|5c|"; content:!"|5c|Panda S"; nocase; content:!"|5c|Mapinfo"; nocase; http.user_agent; content:"C|3a 5c|"; startswith; fast_pattern; classtype:trojan-activity; sid:2008512; rev:20; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2010_07_30, deployment Perimeter, confidence Medium, signature_severity Major, tag User_Agent, updated_at 2024_04_13;)
Metadata
affected productAny
attack targetClient_Endpoint
created at2010_07_30
deploymentPerimeter
confidenceMedium
signature severityMajor
tagUser_Agent
updated at2024_04_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!