[Emerging-Sigs] "F P" for ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (https) 2008019

Russell Fulton r.fulton at auckland.ac.nz
Tue Sep 23 18:44:29 EDT 2014


We are seeing several different things using things like this:

User-Agent: HttpSendRequest

I am using the Suricata rules, which do not check the CR/LF which the original rule did.

Russell.

