authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:43:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:43:34 +0000
commit0fcce96a175531ec6042cde1b11a0052aa261dd5 (patch)
tree898a1e161c4984b41e6a732866bd73b24f0f7b7a /tests/rule-with-unicode.rules
parentInitial commit. (diff)
Adding upstream version 1.3.2.upstream/1.3.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/rule-with-unicode.rules')
-rw-r--r--tests/rule-with-unicode.rules4
1 files changed, 4 insertions, 0 deletions
diff --git a/tests/rule-with-unicode.rules b/tests/rule-with-unicode.rules
new file mode 100644
index 0000000..8377f33
--- /dev/null
+++ b/tests/rule-with-unicode.rules
@@ -0,0 +1,4 @@
+# This is a file where a rule has unicode in it - the second rule.
+alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fake AV Phone Scam Mar 23"; flow:established,to_client; content:"200"; http_stat_code; content:"Content-Type|3a 20|text/html"; http_header; file_data; content:"<title>Microsoft"; fast_pattern; nocase; content:"function myFunction"; nocase; distance:0; content:"setInterval"; nocase; distance:0; pcre:"/^\s*?\(\s*?function\s*?\(\s*?\)\s*?\{\s*?alert\s*?\(/Rsi"; content:"<audio"; nocase; distance:0; classtype:trojan-activity; sid:2022649; rev:2;)
+alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN KHRAT DragonOK DNS Lookup (inter-ctrip .com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0b|inter-ctrip|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,blogs.forcepoint.com/security-labs/trojanized-adobe-installer-used-install-dragonok’s-new-custom-backdoor; classtype:trojan-activity; sid:2024108; rev:1;)
+alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS RealtyListings detail.asp iPro Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; reference:url,secunia.com/advisories/33167/; reference:url,milw0rm.com/exploits/7464; reference:url,doc.emergingthreats.net/2009050; classtype:web-application-attack; sid:2009050; rev:3;)
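Review bot: The header comment on the first added line says only that the second rule "has unicode in it", without naming the character or where it sits, so the fixture's purpose is easy to destroy by accident. The only non-ASCII character visible in this hunk is the right single quotation mark (U+2019) in the `reference:url,` value of sid 2024108 (`...dragonok’s-new-custom-backdoor`). An editor or cleanup script that normalises it to an ASCII apostrophe would leave the file parsing cleanly while no longer exercising the non-ASCII path. I would extend the comment to something like `# The second rule (sid 2024108) has a non-ASCII character, U+2019, in its reference URL; do not normalise it to ASCII.` Since rule files normally arrive from external feeds, the test that consumes this fixture (not visible here) should presumably assert that all three sids are still loaded, not merely that no decode error is raised.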