AvaMaria snort suricata

James_inthe_box Dec 14th, 2018 305 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. alert tcp $EXTERNAL_NET !$HTTP_PORTS -> $HOME_NET any (msg:"TROJAN AveMaria Initial Checkin"; flow:established,from_server; dsize:<15; content:"|29 bb 66 e4 00 00 00 00|"; depth:15; reference:url,; classtype:trojan-activity; sid:20166275; rev:1; metadata:created_at 2018_12_18;)
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand