# sid 2024490, rev 3: alerts on an established client-to-server HTTP request from
# $HOME_NET to $EXTERNAL_NET whose URI ends in myguy.xls, myguy.xls.hta or myguy.exe.
# - content:"myguy"; http_uri; fast_pattern:only is the prefilter pattern; the pcre
#   (/U = normalized URI buffer) performs the exact filename check.
# - The pcre is anchored with `$`, so a request that appends a query string or any
#   other suffix after the filename does not match.
# - Neither the content (no nocase) nor the pcre (no /i) is case-insensitive, so a
#   differently cased filename does not match.
# - The msg attributes the request to Andromeda and the rule references
#   CVE-2017-0199, but the match itself is only a filename: confirm with the
#   response body and host telemetry before treating an alert as an infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HTTP Andromeda File Request"; flow:established,to_server; content:"myguy"; http_uri; fast_pattern:only; pcre:"/myguy\.(?:xls(?:\.hta)?|exe)$/U"; metadata: former_category TROJAN; reference:url,gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759; reference:cve,2017-0199; classtype:trojan-activity; sid:2024490; rev:3; metadata:created_at 2017_07_21, updated_at 2017_09_25;)

Added 2017-09-25 18:16:44 UTC


# sid 2024490, superseded text labelled rev 2: outbound HTTP request whose normalized
# URI ends in myguy.xls, myguy.xls.hta or myguy.exe (content prefilter + anchored pcre).
# NOTE(review): this version carries the Andromeda msg, the former_category metadata
# and the CVE-2017-0199 reference while still declaring rev:2, the same number as the
# older texts listed on this page. Compare the full rule text, not sid+rev alone, when
# auditing which version a sensor has loaded.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HTTP Andromeda File Request"; flow:established,to_server; content:"myguy"; http_uri; fast_pattern:only; pcre:"/myguy\.(?:xls(?:\.hta)?|exe)$/U"; metadata: former_category TROJAN; reference:url,gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759; reference:cve,2017-0199; classtype:trojan-activity; sid:2024490; rev:2; metadata:created_at 2017_07_21, updated_at 2017_09_25;)

Added 2017-09-25 17:52:29 UTC


# sid 2024490, superseded text labelled rev 2: same match logic (URI ends in
# myguy.xls, myguy.xls.hta or myguy.exe on an established to_server HTTP flow).
# In this version the msg only describes a suspicious filename; it names no malware
# family and has no CVE reference. The only difference visible against the oldest
# text on this page is the metadata keyword (created_at / updated_at 2017_07_21).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HTTP Request with suspicious filename - myguy"; flow:established,to_server; content:"myguy"; http_uri; fast_pattern:only; pcre:"/myguy\.(?:xls(?:\.hta)?|exe)$/U"; reference:url,gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759; classtype:trojan-activity; sid:2024490; rev:2; metadata:created_at 2017_07_21, updated_at 2017_07_21;)

Added 2017-08-07 21:19:52 UTC


# sid 2024490, oldest text on this page (rev 2, no metadata keyword): alerts when a
# host in $HOME_NET requests a URI ending in myguy.xls, myguy.xls.hta or myguy.exe
# from $EXTERNAL_NET. content:"myguy" on http_uri is the fast pattern; the pcre with
# /U and a trailing `$` does the exact, case-sensitive filename check.
# The single reference is the gist URL; the msg makes no family or CVE attribution.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HTTP Request with suspicious filename - myguy"; flow:established,to_server; content:"myguy"; http_uri; fast_pattern:only; pcre:"/myguy\.(?:xls(?:\.hta)?|exe)$/U"; reference:url,gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759; classtype:trojan-activity; sid:2024490; rev:2;)

Added 2017-07-21 16:46:33 UTC

