<flags></flags><seq></seq><ack></ack><windows></windows><content><payload>|01 9a 8c 66 af c0 4a 11 9e 3f 40 88 12 2c 3a 4a 84 65 38 b0 b4 08 0b af db ce 02 94 34 5f 22|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE TROJAN HackerDefender Root Kit Remote Connection Attempt Detected</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>|d0 84 ec 77 cf ec 60 e9|</payload><offset></offset><depth>8</depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE TROJAN HackerDefender.HE Root Kit Control Connection</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>80</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>/bsrv.php?</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>lang=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&socksport=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&httpport=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&uptimem=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&uptimeh=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&uid=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&ver=</payload><offset></offset><depth></depth><distance></distance><noca
se>true</nocase></content><msg>BLEEDING-EDGE TROJAN Haxdoor Reporting User Activity</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>80</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>.php?param=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&socksport=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&httpport=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&uptime</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&uid=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&ver=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><msg>BLEEDING-EDGE TROJAN Haxdoor Reporting User Activity 2</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>|63 6f 6d 66 69 64 65 6e 74 69 61 6c 20 64 6f 63 75 6d 65 6e 74 20 28 57 6f 72 64 29 20 66 72 6f 6d 20 44 69 67 69 44 6f 63 00 43 4d 20 25 73 20|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE VIRUS Hotword Trojan in Transit</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>21</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>STOR 
__</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><content><payload>-CHJO.DRV</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><msg>BLEEDING-EDGE VIRUS Hotword Trojan - Possible File Upload CHJO</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>21</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>STOR __</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><content><payload>-CFXP.DRV</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><msg>BLEEDING-EDGE VIRUS Hotword Trojan - Possible File Upload CFXP</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>21</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>SIZE pspv.exe</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File Request pspv.exe</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>21</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>LIST </payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><content><payload>.tea</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><msg>BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File Request 
.tea</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>21</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>|53 54 4f 52 20 5f 5f 5f 0d 0a|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File Status Upload ___</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>21</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>|53 49 5a 45 20 5f 5f 5f 0d 0a|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File Status Check ___</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>USER </payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>|20 3a|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><content><payload>|0a|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE TROJAN IRC USER command</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>NICK 
</payload><offset></offset><depth>50</depth><distance></distance><nocase>true</nocase></content><content><payload>|0a|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE TROJAN IRC NICK command</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>|6A 6F 69 6E 20 23|</payload><offset></offset><depth>50</depth><distance></distance><nocase>true</nocase></content><content><payload>|0a|</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE TROJAN IRC JOIN command</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>\:Welcome!psyBNC</payload><offset></offset><depth>15</depth><distance></distance><nocase>true</nocase></content><msg>BLEEDING-EDGE TROJAN psyBNC IRC Server Connection</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>PRIVMSG </payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE TROJAN IRC PRIVMSG command</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>PING 
</payload><offset></offset><depth>5</depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE TROJAN IRC PING command</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>PONG </payload><offset></offset><depth>5</depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE TROJAN IRC PONG command</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>80</srcport><dstport>any</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>#@~^/gAAAA==@#@&@#@&7lMP\:HVK^P{P[W1Ehn</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><content><payload>#@~^GAIAAA==@#@&\\CMPsX/DD,xPvEU+kmC2</payload><offset></offset><depth></depth><distance></distance><nocase></nocase></content><msg>BLEEDING-EDGE IE Ilookup Trojan</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>80</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>User-Agent\: faser</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><msg>BLEEDING-EDGE TROJAN Inject.BV Trojan User Agent Detected 
(faserx)</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>80</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>/s_13_0?m=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>r=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&a=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>&os=</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><msg>BLEEDING-EDGE TROJAN Klom.A Connecting to Controller</msg></rule><rule><proto>tcp</proto><srcip>any</srcip><dstip>any</dstip><srcport>any</srcport><dstport>80</dstport><direction>single</direction><ttl></ttl><tos></tos><identity></identity><dsize></dsize><flags></flags><seq></seq><ack></ack><windows></windows><content><payload>/cp/rule.php?</payload><offset></offset><depth></depth><distance></distance><nocase>true</nocase></content><content><payload>fstt=</payload><offset></offset><depth></depth>