[Emerging-Sigs] Daily Ruleset Update Summary 09/092014
wkitty42 at windstream.net
Wed Sep 10 16:35:05 EDT 2014
On 9/10/2014 4:06 PM, rmkml wrote:
> Thx Community and @EmergingThreats team,
> Could you share url with this sig please ?
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE PUP
> Win32.SoftPulse Retrieving data"; flow:established,to_server; content:"GET";
> http_method; content:"/maxpower-static/"; http_uri; fast_pattern:only;
> content:"templates/"; offset:17; depth:10; http_uri; content:!"Referer|3a|";
> http_header; reference:md5,4aa02ca6a3f04cf445924a6d657d10e5;
> classtype:trojan-activity; sid:2019143; rev:2;)
> because I am curious with offset/depth.
if i'm reading references.conf correctly, that url would be
i don't know how to get to the actual item, though...
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
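
Added example (not part of the original messages or of the Emerging Threats ruleset): a small Python model of how the offset/depth pair in the quoted sid:2019143 pins "templates/" inside the http_uri buffer. It assumes the documented Snort/Suricata behaviour that depth is counted from offset; the function names and sample URIs are constructed for illustration.

```python
# Model of Snort/Suricata "content" matching with offset/depth.
# Assumption: depth is counted from offset, so the search window is
# buf[offset : offset + depth] and the whole pattern must fit inside it.

def content_match(buf, pattern, offset=0, depth=None):
    """True if pattern occurs entirely inside the offset/depth window."""
    end = len(buf) if depth is None else min(len(buf), offset + depth)
    return buf.find(pattern, offset, end) != -1

def window_positions(pattern, offset, depth):
    """Start positions at which pattern can sit inside the window."""
    return list(range(offset, offset + depth - len(pattern) + 1))

def uri_conditions(uri):
    """The two http_uri contents of the quoted rule, evaluated independently."""
    return (content_match(uri, b"/maxpower-static/")
            and content_match(uri, b"templates/", offset=17, depth=10))

def rule_matches(method, uri, headers):
    """All content checks of the rule: GET, URI contents, no Referer header."""
    return (method == b"GET" and uri_conditions(uri)
            and not content_match(headers, b"Referer:"))

# Constructed sample URIs (not taken from real traffic).
SAMPLES = [
    b"/maxpower-static/templates/main.html",          # expected shape
    b"/cdn/maxpower-static/templates/main.html",      # shifted by a prefix
    b"/maxpower-static/v2/templates/x",               # extra path segment
    b"/aaaaaaaaaaaaaaa/templates/maxpower-static/x",  # 17-byte prefix
]

if __name__ == "__main__":
    # len("/maxpower-static/") is 17 and len("templates/") is 10, so the
    # window leaves exactly one legal start position for "templates/".
    print("legal start positions:", window_positions(b"templates/", 17, 10))
    for uri in SAMPLES:
        print(uri.decode(), "->", uri_conditions(uri))
```

Because depth equals the pattern length, "templates/" can only start at byte 17 of the URI, which is where it lands when "/maxpower-static/" opens the URI. The first content has no position modifier, so the last sample also satisfies both URI checks even though "/maxpower-static/" is not at the start.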