# sid 2011925, rev 6: alerts on a client-to-server HTTP request (flow:established,to_server)
# from $HOME_NET to $EXTERNAL_NET whose URI contains ".php?id=", "x=", "os=" and "n=".
# The four content matches have no distance/within, so on their own they may match anywhere
# in the URI; the pcre (/U = normalized URI buffer) is what enforces order and value shape:
# id of 15 or more ASCII letters, numeric x, os made of digits and dots, n beginning with a digit.
# Each "&" is optional ("&?"), so the parameters may be run together without separators.
# Header is "alert http ... any", so this revision is not limited to $HTTP_PORTS and depends on
# the engine identifying the flow as HTTP.
# NOTE(review): the reference is only the site malwareurl.com, not a specific report; when
# triaging, check the requested host and any payload returned on the same flow.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rogue AV Downloader concat URI"; flow:established,to_server; content:".php?id="; http_uri; content:"x="; http_uri; content:"os="; http_uri; content:"n="; http_uri; pcre:"/\.php\?id=[a-zA-Z]{15,}&?x=\d+&?os=[0-9.]+&?n=\d/U"; reference:url,malwareurl.com; classtype:trojan-activity; sid:2011925; rev:6;)

Added 2014-09-12 16:28:28 UTC


# sid 2011925, rev 4: same URI content matches and pcre as rev 6, but written as "alert tcp"
# to destination ports in $HTTP_PORTS, so a request sent to a port outside that variable is
# not inspected by this revision. The msg uses the "ET CURRENT_EVENTS" prefix.
# The pcre ends in "n=\d" with no end anchor, so it accepts any URI in which n= is followed
# by at least one digit, whatever comes after it.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Rogue AV Downloader concat URI"; flow:established,to_server; content:".php?id="; http_uri; content:"x="; http_uri; content:"os="; http_uri; content:"n="; http_uri; pcre:"/\.php\?id=[a-zA-Z]{15,}&?x=\d+&?os=[0-9.]+&?n=\d+/U"; reference:url,malwareurl.com; classtype:trojan-activity; sid:2011925; rev:4;)

Added 2012-06-22 00:48:42 UTC


# sid 2011925, rev 3: "alert tcp" to $HTTP_PORTS with the four http_uri content matches
# (".php?id=", "x=", "os=", "n=") followed by the ordering pcre on the normalized URI.
# Here the pcre ends in "n=\d+"; because the expression is not anchored at the end, this
# matches the same URIs as a trailing "n=\d".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Rogue AV Downloader concat URI"; flow:established,to_server; content:".php?id="; http_uri; content:"x="; http_uri; content:"os="; http_uri; content:"n="; http_uri; pcre:"/\.php\?id=[a-zA-Z]{15,}&?x=\d+&?os=[0-9.]+&?n=\d+/U"; reference:url,malwareurl.com; classtype:trojan-activity; sid:2011925; rev:3;)

Added 2011-10-12 19:32:58 UTC


# sid 2011925, also marked rev 3: detection options (flow, content/http_uri, pcre) are the
# same as in the entry added 2011-10-12; only the order of the classtype and reference
# metadata options differs, which does not affect what traffic matches.
# NOTE(review): two listings share rev:3 -- presumably the later one was re-saved without a
# revision bump; confirm against the ruleset history if the distinction matters.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Rogue AV Downloader concat URI"; flow:established,to_server; content:".php?id="; http_uri; content:"x="; http_uri; content:"os="; http_uri; content:"n="; http_uri; pcre:"/\.php\?id=[a-zA-Z]{15,}&?x=\d+&?os=[0-9.]+&?n=\d+/U"; classtype:trojan-activity; reference:url,malwareurl.com; sid:2011925; rev:3;)

Added 2011-02-04 17:31:44 UTC

