ET WEB_CLIENT Malicious Redirect 8x8 script tag
Sourceet/open
Fileemerging-web_client.rules
CreatedFebruary 1, 2014
UpdatedMarch 13, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Malicious Redirect 8x8 script tag"; flow:established,to_client ; file.data; content:".php?id="; content:"/"; distance:-17; within:1; pcre:"/^[a-z0-9A-Z]*?[A-Z0-9][a-z0-9A-Z]*?\.php\?id=\d{6,9}[\x22\x27]/R" ; content:"<script"; nocase; pcre:"/^(?:(?!<\/script>).)*?\ssrc\s*?=\s*?[\x22\x27][^\x22\x27]+?\/[a-z0-9A-Z]{8}\.php\?id=\d{6,9}[\x22\x27]/Rsi" ; classtype:trojan-activity; sid:2018053; rev:5; metadata:created_at 2014_02_01, signature_severity Major, updated_at 2024_03_13;)
Metadata
created at2014_02_01
signature severityMajor
updated at2024_03_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!