cablegay:
не подскажите что тут должно быть в кавычках?
Код:
Ошибку пишет - IPS Error: snort/rules/used.rules(8137) Rule options must be enclosed in '(' and ')'. (1)
не подскажите что тут должно быть в кавычках?
Код:
| drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN [ANY.RUN] PlanetStealer CnC Checkin"; flow:established,to_server; flowbits:set,ET.PlanetStealer.Checkin; content:"POST"; http_method; content:"/submit/info"; http_uri; content:"User-Agent|3a 20|Go-http-client/"; http_header; content:"|22|owner_id|22 3a 22|"; http_client_body; content:"|22|bot_id|22 3a 22|"; http_client_body; content:"|22|build_id|22 3a 22|"; http_client_body; content:"|22|statistics|22 3a 7b 22|total_passwords|22 3a|"; http_client_body; fast_pattern; content:"|22|total_cookies|22 3a|"; http_client_body; content:"|22|total_cards|22 3a|"; http_client_body; content:"|22|total_autofills|22 3a|"; http_client_body; content:"|22|total_wallets|22 3a|"; http_client_body; content:"|22|total_bookmarks|22 3a|"; http_client_body; content:"|22|computer|22 3a 7b 22|username|22 3a 22|"; http_client_body; content:"|22|hostname|22 3a 22|"; http_client_body; content:"|22|hwid|22 3a 22|"; http_client_body; pcre:"/\x22hwid\x22\x3a\x22[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}\x22/P"; content:"|22|cpu|22 3a 22|"; http_client_body; content:"|22|gpu|22 3a 22|"; http_client_body; content:"|22|windows_version|22 3a 22|Windows"; http_client_body; content:"|22|country|22 3a 22|"; http_client_body; content:"|22|ip|22 3a 22|"; http_client_body; content:"|22|wallets|22 3a|"; http_client_body; content:"|22|credentials|22 3a|"; http_client_body; content:"|22|software|22 3a|"; http_client_body; content:"|22|file|22 3a|"; http_client_body; content:!"Referer|3a 20|"; http_header; reference:md5,99a0225b149f9a918aaccafa73c42a1f; reference:url,community.emergingthreats.net/t/planetstealer; reference:url,app.any.run/tasks/a55c931e-99d7-4b32-8672-2b5733ae3dd4; classtype:trojan-activity; sid:2051490; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_03_05, deployment Perimeter, malware_family PlanetStealer, performance_impact Low, confidence High, si drop Major, tag InfoStealer, tag PlanetStealer, updated_at 2024_03_05;) |
Ошибку пишет - IPS Error: snort/rules/used.rules(8137) Rule options must be enclosed in '(' and ')'. (1)