Snort mailing list archives
Re: New sig for detecting Microsoft OneDrive iOS App 8.13 Insecure URI Scheme tel attempt
From: Tyler Montier <tmontier () sourcefire com>
Date: Fri, 12 May 2017 15:25:48 -0400
Rmkml, Thanks for your submission. We will review the rule and get back to you when it's finished. Sincerely, Tyler Montier Cisco Talos On Thu, May 11, 2017 at 5:52 PM, rmkml <rmkml () ligfy org> wrote:
Hi, Please check a new sig for detecting Microsoft OneDrive iOS App 8.13 Insecure URI Scheme tel attempt: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Microsoft OneDrive iOS App 8.13 Insecure URI Scheme tel attempt"; flow:to_client,established; file_data; content:"tel|3a 2F 2F|"; nocase; distance:0; pcre:"/\btel\x3a\x2f\x2f/si"; reference:url,www.sec-consult.com/fxdata/seccons/prod/ temedia/advisories_txt/20170510-0_Microsoft_OneDrive_ iOS_App_Insecure_Handling_URI_schemes_v10.txt; classtype:attempted-user; sid:1; rev:1;) Don't forget check variables. Please send any comments. Regards @Rmkml ------------------------------------------------------------ ------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- New sig for detecting Microsoft OneDrive iOS App 8.13 Insecure URI Scheme tel attempt rmkml (May 11)
- Re: New sig for detecting Microsoft OneDrive iOS App 8.13 Insecure URI Scheme tel attempt Tyler Montier (May 12)