Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- alert tcp any any -> any $HTTP_PORTS (msg:"Infostealer"; flow:to_server,established; content:"POST"; http_method; content:"/"; http_uri; content:"Expect|3a 20|100-continue"; http_header; content:"filename=|22|"; fast_pattern; http_client_body; content:"Content-Type|3a 20|application/"; content:"|0d 0a 0d 0a|PK"; http_client_body; reference:md5,5ef0dad3baad9be977749534f1472086; classtype:trojan-activity; sid:20166301; rev:3; metadata:created_at 2019_08_07;)
Add Comment
Please, Sign In to add comment