alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; content:".php?l="; fast_pattern; nocase; http_uri; content:"&u="; nocase; http_uri; content:"Accept-Encoding|3a|"; http_header; nocase; content:"Referer|3a| "; http_header; nocase; pcre:"/^Accept-Encoding\x3a\s+([a-z])\1{3}/Hmi"; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; reference:url,doc.emergingthreats.net/2010283; classtype:trojan-activity; sid:2010283; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:03:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; content:".php?l="; fast_pattern; nocase; http_uri; content:"&u="; nocase; http_uri; content:"Accept-Encoding|3a|"; http_header; nocase; content:"Referer|3a| "; http_header; nocase; pcre:"/^Accept-Encoding\x3a\s+([a-z])\1{3}/Hmi"; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; reference:url,doc.emergingthreats.net/2010283; classtype:trojan-activity; sid:2010283; rev:8;)

Added 2013-05-02 22:17:00 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; content:".php?l="; fast_pattern; nocase; http_uri; content:"&u="; nocase; http_uri; content:"Accept-Encoding|3a|"; http_header; nocase; content:"Referer|3a| "; http_header; nocase; pcre:"/^Accept-Encoding\x3a\s+([a-z])\1{3,}/Hmi"; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; reference:url,doc.emergingthreats.net/2010283; classtype:trojan-activity; sid:2010283; rev:7;)

Added 2011-10-12 19:29:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; content:".php?l="; fast_pattern; nocase; http_uri; content:"&u="; nocase; http_uri; content:"Accept-Encoding|3a|"; http_header; nocase; content:"Referer|3a| "; http_header; nocase; pcre:"/^Accept-Encoding\x3a\s+([a-z])\1{3,}/Hmi"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; reference:url,doc.emergingthreats.net/2010283; sid:2010283; rev:7;)

Added 2011-09-14 22:42:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; content:".php?l="; fast_pattern; nocase; http_uri; content:"&u="; nocase; http_uri; content:"Accept-Encoding|3a|"; http_header; nocase; content:"Referer|3a| "; http_header; nocase; pcre:"/^Accept-Encoding\x3a\s+([a-z])\1{3,}/Hmi"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; reference:url,doc.emergingthreats.net/2010283; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Opachki; sid:2010283; rev:7;)

Added 2011-02-04 17:29:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; uricontent:".php?l="; nocase; uricontent:"&u="; nocase; content:"|0d 0a|Accept-Encoding|3a|"; nocase; content:"|0d 0a|Referer|3a| "; nocase; pcre:"/\x0d\x0aAccept-Encoding\x3a\s+([a-z])\1{3,}/i"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; reference:url,doc.emergingthreats.net/2010283; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Opachki; sid:2010283; rev:3;)

Added 2009-11-18 21:00:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; uricontent:".php?l="; nocase; uricontent:"&u="; nocase; content:"|0d 0a|Accept-Encoding|3a|"; nocase; content:"|0d 0a|Referer|3a| "; nocase; pcre:"/\x0d\x0aAccept-Encoding\x3a\s+([a-z])\1{3,}/i"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; reference:url,doc.emergingthreats.net/2010283; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Opachki; sid:2010283; rev:3;)

Added 2009-11-18 21:00:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; uricontent:".php?l="; nocase; uricontent:"&u="; nocase; content:"|0d 0a|Accept-Encoding|3a|"; nocase; content:"|0d 0a|Referer|3a| "; nocase; pcre:"/\x0d\x0aAccept-Encoding\x3a\s+([a-z])\1{3,}/i"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; sid:2010283; rev:2;)

Added 2009-11-10 15:45:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; uricontent:".php?l="; nocase; uricontent:"&u="; nocase; content:"|0d 0a|Accept-Encoding|3a|"; nocase; content:"|0d 0a|Referer|3a| "; nocase; pcre:"/\x0d\x0aAccept-Encoding\x3a\s+([a-z])\1{3,}/i"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; sid:2010283; rev:2;)

Added 2009-11-10 15:45:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; uricontent:".php?l="; nocase; uricontent:"&u="; nocase; content:"|0d 0a|Accept-Encoding|3a|"; nocase; content:"|0d 0a|Referer|3a| "; nocase; pcre:"/\x0d\x0aAccept-Encoding\x3a\s+[a-z]{3,}/i"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; sid:2010283; rev:1;)

Added 2009-11-10 07:28:24 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats