alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Win32/Parite.B Checkin 3"; flow:to_server,established; dsize:>1000; content:"|00 00 00 00 9c 00 00 00 06 00 00 00 01 00 00 00|"; offset:0; depth:16; content:"|b1 1d 00 00 02 00 00 00|"; distance:0; reference:md5,d10d6d2a29dd27b44e015dd6bf4cb346; classtype:trojan-activity; sid:2024429; rev:1;)

Added 2017-07-18 17:00:18 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Striked Ransomware CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"User-Agent|3a 20|python"; http_header; fast_pattern; content:"crid="; http_client_body; depth:5; content:"&dta="; http_client_body; distance:0; content:"&email="; http_client_body; distance:0; content:!"Referer|3a|"; http_header; reference:md5,80317e3194d8f7fd495b0bf06cae2295; classtype:trojan-activity; sid:2024466; rev:2;)

Added 2017-07-13 17:46:18 UTC


Topic revision: r1 - 2017-07-18 - TWikiGuest
 
Copyright © Emerging Threats