""ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013""

SID: 2017817

Revision: 10

Class Type: trojan-activity

Metadata: created_at 2013_12_10, updated_at 2014_09_23

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,from_server

Contents:

  • Value: "display|3a| none|3b 22|"

  • Value: ">"

  • Value: !">"

  • Value: "f"

Within: 200

PCRE: "/^(?P.{1,50})u(?P=sep)n(?P=sep)c(?P=sep)t(?P=sep)i(?P=sep)o(?P=sep)n(?P=sep)\s/R"

Special Options:

  • file_data

  • nocase

  • nocase

source