Suricata rule - VPNFilter User Agent
alert http any any -> any any (msg:"VPNFilter malware User-Agent"; content:"Mozilla/6.1 (compatible|3B| MSIE 9.0|3B| Windows NT 5.3|3B| Trident/5.0)"; http_user_agent; sid:2; rev:1;)

@King-Konsto King-Konsto commented Jun 1, 2018

escape semicolons inside contents

alert http any any -> any any (msg:"VPNFilter malware User-Agent"; content:"Mozilla/6.1 (compatible|3B| MSIE 9.0|3B| Windows NT 5.3|3B| Trident/5.0)"; http_user_agent; sid:2; rev:1;)
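An added example, not part of the gist or of either comment: a Python sketch of the escaping the comment above asks for. It encodes a raw User-Agent into a Suricata `content` string using `|HH|` hex notation, decodes it back, and flags quoted strings that still hold a bare `;`. The function names are assumptions of this example; the User-Agent is the one the rule matches.

```python
import re

# Characters the Suricata docs list as reserved inside content strings;
# backslash and non-printable bytes are hex-encoded here as well.
SPECIAL = set(b'";:|\\')

# The User-Agent the gist's rule matches, and the rule's content string.
UA = b"Mozilla/6.1 (compatible; MSIE 9.0; Windows NT 5.3; Trident/5.0)"
PAGE_CONTENT = "Mozilla/6.1 (compatible|3B| MSIE 9.0|3B| Windows NT 5.3|3B| Trident/5.0)"

def to_content(raw: bytes) -> str:
    """Encode raw bytes as a content string, merging adjacent hex bytes."""
    out, hex_run = [], []
    for b in raw:
        if b in SPECIAL or not 0x20 <= b <= 0x7E:
            hex_run.append(f"{b:02X}")
            continue
        if hex_run:
            out.append("|" + " ".join(hex_run) + "|")
            hex_run = []
        out.append(chr(b))
    if hex_run:
        out.append("|" + " ".join(hex_run) + "|")
    return "".join(out)

def from_content(content: str) -> bytes:
    """Decode a content string (hex notation only) to the bytes it matches."""
    parts = content.split("|")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced | in content")
    out = bytearray()
    for i, part in enumerate(parts):
        # Odd-numbered parts sit between pipes and hold hex byte values.
        out += bytes.fromhex(part) if i % 2 else part.encode("ascii")
    return bytes(out)

def unescaped_semicolon(rule: str) -> bool:
    """True if any quoted string in the rule holds a bare ';'."""
    quoted = re.findall(r'"((?:\\.|[^"\\])*)"', rule)
    return any(re.search(r'(?<!\\);', s) for s in quoted)
```
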

Owner Author

@Neo23x0 Neo23x0 commented Jun 7, 2018

Thanks
