# sid 2018403, rev 11: outbound HTTP request from $HOME_NET for a URI ending in
# ".exe", sent with the header combination the msg calls "Fake IE".
#   - content:".exe" in http_uri + isdataat:!1,relative: ".exe" must be the last
#     bytes of the URI buffer (no data may follow the match).
#   - "|20|MSIE|20|" in http_user_agent: the User-Agent carries an MSIE token.
#   - http_header_names with negated "Accept-Encoding" and "Referer": neither
#     header name is present in the request.
#   - http_connection "close" (nocase): the Connection header value is "close".
#   - negated http_host / http_uri contents: false-positive exclusions for the
#     listed vendor download hosts. Compared with rev 10 on this page, this
#     revision adds download.windowsupdate.com.
# NOTE(review): the host exclusions are unanchored substring matches on the Host
# buffer, so any host name that merely contains one of these strings is skipped
# as well. Treat them as noise suppression, not as a trust decision.
# NOTE(review): the msg itself says "Likely"; corroborate a hit with the fetched
# file and endpoint telemetry before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_host; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:11; metadata:created_at 2014_04_21, updated_at 2018_10_09;)

Added 2018-10-09 18:08:44 UTC


# sid 2018403, rev 10: same detection logic as the rev 9 entries on this page,
# rewritten to use per-field HTTP buffers instead of raw http_header matching.
#   - destination port is "any" rather than $HTTP_PORTS, so the rule relies on
#     the "http" protocol keyword rather than a port list.
#   - ".exe" in http_uri + isdataat:!1,relative replaces the pcre /\.exe$/U
#     end-of-URI check.
#   - MSIE is matched in http_user_agent; vendor exclusions are matched in
#     http_host; header absence is tested through http_header_names.
#   - Connection "close" is matched with nocase (rev 9 matched the literal
#     "Close" in the header buffer).
# NOTE(review): the http_host exclusions are unanchored substring matches, so
# hosts that merely contain one of the strings are excluded too.
# NOTE(review): updated_at still reads 2017_03_16 in this revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_host; content:!"cfbeta.razersynapse.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:10; metadata:created_at 2014_04_21, updated_at 2017_03_16;)

Added 2018-09-13 19:48:42 UTC


Added 2018-09-13 17:58:37 UTC


# sid 2018403, rev 9 (with former_category and created_at/updated_at metadata):
# outbound HTTP request to $HTTP_PORTS for a URI ending in ".exe".
#   - content:".exe" is fast_pattern:only (prefilter); pcre /\.exe$/U does the
#     end-of-normalized-URI check.
#   - http_header must contain "Connection: Close" (case-sensitive, CRLF-framed)
#     and " MSIE ", and must not contain Accept-Encoding or Referer header lines.
#   - negated contents are false-positive exclusions for vendor download traffic.
# NOTE(review): the "<domain>|0d 0a|" exclusions match the end of any header
# line in the header buffer, not specifically the Host header.
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header modifier,
# unlike the exclusions around it, so it is not confined to the header buffer.
# Rev 10 on this page binds it to http_host.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:9; metadata:created_at 2014_04_21, updated_at 2017_03_16;)

Added 2017-08-07 21:12:28 UTC


# sid 2018403, rev 9 (snapshot without metadata keywords): outbound HTTP request
# to $HTTP_PORTS for a URI ending in ".exe" (pcre /\.exe$/U; the ".exe" content
# is fast_pattern:only). The header buffer must contain "Connection: Close" and
# " MSIE " and must lack Accept-Encoding and Referer lines.
# Negated contents are false-positive exclusions for vendor download traffic.
# NOTE(review): the rev number is unchanged from the other rev 9 snapshots on
# this page even though the metadata keywords differ. Compare rule text, not
# just sid:rev, when checking which variant is deployed.
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header modifier, so
# it is not confined to the header buffer like the neighbouring exclusions.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-05-05 16:58:53 UTC


# sid 2018403, rev 9 (snapshot carrying only "metadata: former_category TROJAN"):
# outbound HTTP request to $HTTP_PORTS for a URI ending in ".exe" (pcre
# /\.exe$/U; the ".exe" content is fast_pattern:only). The header buffer must
# contain "Connection: Close" and " MSIE " and must lack Accept-Encoding and
# Referer lines. Negated contents are false-positive exclusions.
# NOTE(review): the "<domain>|0d 0a|" exclusions match the end of any header
# line, not specifically the Host header.
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header modifier, so
# it is not confined to the header buffer like the neighbouring exclusions.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-05-03 17:35:13 UTC


# sid 2018403, rev 9 (snapshot without metadata keywords): outbound HTTP request
# to $HTTP_PORTS for a URI ending in ".exe" (pcre /\.exe$/U; the ".exe" content
# is fast_pattern:only). The header buffer must contain "Connection: Close"
# (case-sensitive) and " MSIE " and must lack Accept-Encoding and Referer lines.
# Negated contents are false-positive exclusions for vendor download traffic.
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header modifier, so
# it is not confined to the header buffer like the neighbouring exclusions.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-03-20 19:16:55 UTC


# sid 2018403, rev 9 (earliest rev 9 snapshot on this page): compared with
# rev 8 it adds the exclusion content:!"cfbeta.razersynapse.com" in http_header.
# Match logic: outbound HTTP request to $HTTP_PORTS, URI ends in ".exe" (pcre
# /\.exe$/U), header buffer contains "Connection: Close" and " MSIE ", and
# contains no Accept-Encoding or Referer lines.
# NOTE(review): the new exclusion has no trailing |0d 0a| anchor, so it matches
# anywhere in the header buffer. The older vendor exclusions are anchored to
# the end of a header line.
# NOTE(review): content:!"softdl.360tpcdn.com" has no http_header modifier, so
# it is not confined to the header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-03-16 22:26:32 UTC


# sid 2018403, rev 8: compared with rev 7 it adds the exclusion
# content:!"softdl.360tpcdn.com".
# Match logic: outbound HTTP request to $HTTP_PORTS, URI ends in ".exe" (pcre
# /\.exe$/U; the ".exe" content is fast_pattern:only), header buffer contains
# "Connection: Close" and " MSIE ", and contains no Accept-Encoding or Referer
# lines.
# NOTE(review): the added exclusion has no http_header modifier, unlike the
# other domain exclusions, so it is not confined to the header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; classtype:trojan-activity; sid:2018403; rev:8;)

Added 2015-05-28 18:19:54 UTC


# sid 2018403, rev 7: first snapshot on this page using "alert http" and the
# msg "Likely Malicious Fake IE Downloading .exe"; rev 4 used "alert tcp" and
# the msg "Zbot Based Loader".
# Match logic: outbound HTTP request to $HTTP_PORTS, URI ends in ".exe" (pcre
# /\.exe$/U), header buffer contains "Connection: Close" and " MSIE ", and
# contains no Accept-Encoding or Referer lines.
# Exclusions: the rev 4 ".dlservice.microsoft.com" exclusion is widened to
# "microsoft.com"; adobe.com and 360safe.com are added.
# NOTE(review): the "<domain>|0d 0a|" exclusions match the end of any header
# line in the header buffer, not specifically the Host header.
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; classtype:trojan-activity; sid:2018403; rev:7;)

Added 2014-10-03 16:40:41 UTC


# sid 2018403, rev 4 (msg "ET TROJAN GENERIC Zbot Based Loader", "alert tcp"):
# compared with rev 3 it adds the URI exclusion content:!"download_helper.ns".
# Match logic: established to_server flow to $HTTP_PORTS, URI ends in ".exe"
# (pcre /\.exe$/U; the ".exe" content is fast_pattern:only), header buffer
# contains "Connection: Close" and " MSIE ", and contains no Accept-Encoding or
# Referer lines. Requests whose headers contain a line ending in
# ".dlservice.microsoft.com" are excluded.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!".dlservice.microsoft.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; classtype:trojan-activity; sid:2018403; rev:4;)

Added 2014-05-30 18:34:06 UTC


# sid 2018403, rev 3 (msg "ET TROJAN GENERIC Zbot Based Loader", "alert tcp"):
# compared with rev 2 it adds the first false-positive exclusion, a header line
# ending in ".dlservice.microsoft.com".
# Match logic: established to_server flow to $HTTP_PORTS, URI ends in ".exe"
# (pcre /\.exe$/U; the ".exe" content is fast_pattern:only), header buffer
# contains "Connection: Close" and " MSIE ", and contains no Accept-Encoding or
# Referer lines.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!".dlservice.microsoft.com|0d 0a|"; http_header; classtype:trojan-activity; sid:2018403; rev:3;)

Added 2014-05-01 18:28:41 UTC


# sid 2018403, rev 2 (oldest snapshot on this page; msg "ET TROJAN GENERIC Zbot
# Based Loader", "alert tcp"): the core heuristic with no exclusions.
#   - established to_server flow from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS
#   - URI ends in ".exe": the content is fast_pattern:only (prefilter), and
#     pcre /\.exe$/U does the end-of-normalized-URI check
#   - header buffer contains "Connection: Close" (case-sensitive, CRLF-framed)
#     and " MSIE "
#   - header buffer contains no Accept-Encoding and no Referer header line
# NOTE(review): with no exclusions, legitimate updaters that send the same
# header set would also match. Later revisions on this page add exclusions.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; classtype:trojan-activity; sid:2018403; rev:2;)

Added 2014-04-21 19:36:52 UTC

