# sid:2018403 rev:9 -- copy carrying former_category plus created_at/updated_at metadata.
# Purpose: alert on an established, client-to-server HTTP request from $HOME_NET to
# $EXTERNAL_NET whose URI ends in ".exe" and whose headers contain " MSIE " but do
# not otherwise resemble a browser request: "Connection: Close" is present while
# Accept-Encoding and Referer are absent.
# - content:".exe" (http_uri, fast_pattern:only) is the prefilter; the pcre with /U
#   anchors ".exe" to the end of the normalized URI.
# - " MSIE " is matched anywhere in the header buffer, not tied to the User-Agent line.
# - No nocase is used, so every content match here is case-sensitive.
# - The negated contents are exclusions (presumably false-positive suppressions for
#   legitimate software downloaders -- confirm). Those ending in |0d 0a| match any
#   header line that ends with the string, which is presumably meant to be Host.
# NOTE(review): content:!"softdl.360tpcdn.com" carries no http_header/http_uri
#   modifier, unlike its neighbours, so it is evaluated outside the HTTP buffers --
#   confirm this is intended.
# NOTE(review): this page lists several texts under sid:2018403 rev:9 that differ only
#   in metadata; compare full rule text, not just sid:rev, when syncing rule sets.
# Triage: the msg says "Likely"; treat a hit as a heuristic and confirm against the
#   destination host and the retrieved file before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:9; metadata:created_at 2014_04_21, updated_at 2017_03_16;)

Added 2017-08-07 21:12:28 UTC


# sid:2018403 rev:9 -- copy with no metadata keyword.
# Purpose: alert on an outbound HTTP request for a URI ending in ".exe" whose headers
# contain " MSIE " together with "Connection: Close" but lack Accept-Encoding and
# Referer; the negated contents exclude specific download hosts and one URI string.
# The detection options are the same as in the other rev:9 texts on this page; only
# the metadata keyword is missing here although rev is unchanged.
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header/http_uri modifier,
#   so it is not scoped to an HTTP buffer like the other exclusions -- confirm.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-05-05 16:58:53 UTC


# sid:2018403 rev:9 -- copy with "metadata: former_category TROJAN" only.
# Purpose: alert on an outbound HTTP request for a URI ending in ".exe" whose headers
# contain " MSIE " together with "Connection: Close" but lack Accept-Encoding and
# Referer; the negated contents exclude specific download hosts and one URI string.
# The metadata keyword is informational; the matching options are identical to the
# rev:9 texts without it.
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header/http_uri modifier,
#   so it is not scoped to an HTTP buffer like the other exclusions -- confirm.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-05-03 17:35:13 UTC


# sid:2018403 rev:9 -- copy with no metadata keyword.
# Purpose: alert on an outbound HTTP request for a URI ending in ".exe" whose headers
# contain " MSIE " together with "Connection: Close" but lack Accept-Encoding and
# Referer; the negated contents exclude specific download hosts and one URI string.
# Exclusions ending in |0d 0a| match the end of any header line, not a named header.
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header/http_uri modifier,
#   so it is not scoped to an HTTP buffer like the other exclusions -- confirm.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-03-20 19:16:55 UTC


# sid:2018403 rev:9 -- earliest rev:9 text on this page.
# Purpose: alert on an outbound HTTP request for a URI ending in ".exe" whose headers
# contain " MSIE " together with "Connection: Close" but lack Accept-Encoding and
# Referer; the negated contents exclude specific download hosts and one URI string.
# Compared with the rev:8 text on this page, rev:9 adds the header exclusion
# content:!"cfbeta.razersynapse.com".
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header/http_uri modifier,
#   so it is not scoped to an HTTP buffer like the other exclusions -- confirm.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-03-16 22:26:32 UTC


# sid:2018403 rev:8.
# Purpose: alert on an outbound HTTP request for a URI ending in ".exe" whose headers
# contain " MSIE " together with "Connection: Close" but lack Accept-Encoding and
# Referer; the negated contents exclude specific download hosts and one URI string.
# Compared with the rev:7 text on this page, rev:8 adds the exclusion
# content:!"softdl.360tpcdn.com".
# NOTE(review): that new exclusion is the last content and has no http_header or
#   http_uri modifier, so it is not scoped to an HTTP buffer like the others -- confirm.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; classtype:trojan-activity; sid:2018403; rev:8;)

Added 2015-05-28 18:19:54 UTC


# sid:2018403 rev:7.
# Purpose: alert on an outbound HTTP request for a URI ending in ".exe" whose headers
# contain " MSIE " together with "Connection: Close" but lack Accept-Encoding and
# Referer; the negated contents exclude specific download hosts and one URI string.
# Compared with the rev:4 text on this page: the rule header is "alert http" instead
# of "alert tcp", the msg is renamed from "Zbot Based Loader" to a generic
# "Fake IE Downloading .exe", and the single ".dlservice.microsoft.com" exclusion is
# replaced by header-line suffixes "microsoft.com", "adobe.com" and "360safe.com".
# The suffix exclusions match any header line ending in that string, which also
# covers hosts that merely end with those characters.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; classtype:trojan-activity; sid:2018403; rev:7;)

Added 2014-10-03 16:40:41 UTC


# sid:2018403 rev:4 -- msg at this revision is "ET TROJAN GENERIC Zbot Based Loader".
# Purpose: alert on an outbound request to $HTTP_PORTS for a URI ending in ".exe"
# whose headers contain " MSIE " together with "Connection: Close" but lack
# Accept-Encoding and Referer.
# The rule header is "alert tcp"; the HTTP scoping comes from the http_uri and
# http_header content modifiers.
# Exclusions: a header line ending in ".dlservice.microsoft.com" and, new compared
# with the rev:3 text on this page, a URI containing "download_helper.ns".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!".dlservice.microsoft.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; classtype:trojan-activity; sid:2018403; rev:4;)

Added 2014-05-30 18:34:06 UTC


# sid:2018403 rev:3 -- msg at this revision is "ET TROJAN GENERIC Zbot Based Loader".
# Purpose: alert on an outbound request to $HTTP_PORTS for a URI ending in ".exe"
# whose headers contain " MSIE " together with "Connection: Close" but lack
# Accept-Encoding and Referer.
# Compared with the rev:2 text on this page, rev:3 adds the first exclusion: a header
# line ending in ".dlservice.microsoft.com" (presumably a false-positive fix -- the
# page does not state the reason).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!".dlservice.microsoft.com|0d 0a|"; http_header; classtype:trojan-activity; sid:2018403; rev:3;)

Added 2014-05-01 18:28:41 UTC


# sid:2018403 rev:2 -- oldest text on this page; msg is "ET TROJAN GENERIC Zbot Based Loader".
# Purpose: alert on an outbound request to $HTTP_PORTS for a URI ending in ".exe"
# whose headers contain " MSIE " together with "Connection: Close" but lack
# Accept-Encoding and Referer.
# This revision has no exclusions at all, so any client matching that header profile
# alerts; the later revisions on this page add negated contents to narrow it.
# content:".exe" (http_uri, fast_pattern:only) is the prefilter and the pcre with /U
# anchors ".exe" to the end of the normalized URI.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; classtype:trojan-activity; sid:2018403; rev:2;)

Added 2014-04-21 19:36:52 UTC


Copyright © Emerging Threats