[Emerging-Sigs] Super Dupesville

Francis Trudeau trudeauf at gmail.com
Tue Jun 16 06:35:24 HDT 2020


alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Zmap User-Agent (zgrab)"; flow:established,to_server; content:"Mozilla/5.0 zgrab/0.x"; http_user_agent; depth:21; isdataat:!1,relative; classtype:network-scan; sid:2029054; rev:1; metadata:created_at 2019_11_26, updated_at 2019_11_26;)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO USER_AGENTS Zmap User-Agent (zgrab)"; flow:established,to_server; content:"Mozilla/5.0 zgrab/0.x"; fast_pattern; http_user_agent; depth:21; isdataat:!1,relative; classtype:trojan-activity; sid:2815134; rev:3; metadata:created_at 2015_11_30, updated_at 2020_06_09;)

They don't get much more identical than that.
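
An added example, not part of the original post and not Emerging Threats tooling: one way to flag pairs like this automatically is to fingerprint each rule on its matching options only and group rules whose fingerprints collide. The BOOKKEEPING set, the choice to report the header instead of fingerprinting it, and the third rule (sid 9000001) are assumptions made for this example.

```python
import re
from collections import defaultdict

# The two rules from the post, each rejoined onto a single line.
RULES = [
    'alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Zmap User-Agent (zgrab)"; '
    'flow:established,to_server; content:"Mozilla/5.0 zgrab/0.x"; http_user_agent; '
    'depth:21; isdataat:!1,relative; classtype:network-scan; sid:2029054; rev:1; '
    'metadata:created_at 2019_11_26, updated_at 2019_11_26;)',
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO USER_AGENTS Zmap '
    'User-Agent (zgrab)"; flow:established,to_server; content:"Mozilla/5.0 zgrab/0.x"; '
    'fast_pattern; http_user_agent; depth:21; isdataat:!1,relative; '
    'classtype:trojan-activity; sid:2815134; rev:3; '
    'metadata:created_at 2015_11_30, updated_at 2020_06_09;)',
    # Constructed control rule (not from the post): different content, must not group.
    'alert http any any -> any any (msg:"constructed example"; flow:established,to_server; '
    'content:"curl/"; http_user_agent; depth:5; sid:9000001; rev:1;)',
]

# Assumption of this example: these options never change which payloads match.
BOOKKEEPING = {"msg", "classtype", "sid", "rev", "metadata", "reference", "fast_pattern"}
# keyword, optional ":value"; quoted strings may contain ';' and escaped characters
OPTION_RE = re.compile(r'\s*([\w.]+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|\\.|[^;"\\])*))?;')

def parse_rule(rule):
    """Split a rule into its header string and an ordered list of (keyword, value)."""
    header, body = rule[:rule.index("(")].strip(), rule[rule.index("(") + 1:rule.rindex(")")]
    return header, [(m.group(1), (m.group(2) or "").strip()) for m in OPTION_RE.finditer(body)]

def fingerprint(rule):
    """Protocol plus the ordered matching options, with bookkeeping options dropped."""
    header, options = parse_rule(rule)
    return header.split()[1], tuple(kv for kv in options if kv[0] not in BOOKKEEPING)

def find_duplicates(rules):
    """Group rules by fingerprint; return groups of (sid, header) with more than one member."""
    groups = defaultdict(list)
    for rule in rules:
        header, options = parse_rule(rule)
        groups[fingerprint(rule)].append((dict(options)["sid"], header))
    return [members for members in groups.values() if len(members) > 1]

if __name__ == "__main__":
    for group in find_duplicates(RULES):
        print("same matching logic:")
        for sid, header in group:
            print(f"  sid {sid}: {header}")
```

Each group lists the rule headers next to the sids, so a reviewer can see at a glance where the colliding rules still differ in direction or address scope.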