# sid 2008233 rev 16 (metadata updated_at 2020_09_16): outbound HTTP GET whose normalized
# URI contains "/rpt" followed by a digit (content + pcre with /U), where the User-Agent
# does not begin with "Mozilla" (negated content, depth:7).
# Each negated http_host content paired with isdataat:!1,relative appears intended to skip
# hosts ending in .apple.com, .pandora.com or microsoft.com.
# NOTE(review): the microsoft.com pattern has no leading dot, so the exclusion is broader
# than subdomains of microsoft.com; confirm that is intended.
# The pcre is unanchored, so "/rpt<digit>" anywhere in the URI, query string included,
# satisfies it; keep the GoToMyPC false-positive report on this page in mind when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"Mozilla"; depth:7; http_user_agent; content:!".apple.com"; http_host; isdataat:!1,relative; content:!".pandora.com"; http_host; isdataat:!1,relative; content:!"microsoft.com"; http_host; isdataat:!1,relative; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:16; metadata:created_at 2010_07_30, former_category MALWARE, updated_at 2020_09_16;)
Added 2020-09-16 18:29:28 UTC
# sid 2008233 rev 16 with metadata updated_at 2019_09_28 and former_category MALWARE.
# Detection logic: HTTP GET, "/rpt<digit>" in the normalized URI, User-Agent not starting
# with "Mozilla", and negated http_host checks for .apple.com, .pandora.com, microsoft.com.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"Mozilla"; depth:7; http_user_agent; content:!".apple.com"; http_host; isdataat:!1,relative; content:!".pandora.com"; http_host; isdataat:!1,relative; content:!"microsoft.com"; http_host; isdataat:!1,relative; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:16; metadata:created_at 2010_07_30, former_category MALWARE, updated_at 2019_09_28;)
Added 2020-08-05 19:05:18 UTC
# sid 2008233 rev 16; here former_category MALWARE is carried in its own metadata keyword
# ahead of the reference, separate from the created_at/updated_at (2019_09_28) metadata.
# Detection logic: HTTP GET, "/rpt<digit>" in the normalized URI, User-Agent not starting
# with "Mozilla", and negated http_host checks for .apple.com, .pandora.com, microsoft.com.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"Mozilla"; depth:7; http_user_agent; content:!".apple.com"; http_host; isdataat:!1,relative; content:!".pandora.com"; http_host; isdataat:!1,relative; content:!"microsoft.com"; http_host; isdataat:!1,relative; pcre:"/\/rpt\d/U"; metadata: former_category MALWARE; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:16; metadata:created_at 2010_07_30, updated_at 2019_09_28;)
Added 2019-10-01 08:28:00 UTC
# sid 2008233 rev 16, recorded earlier on 2019-10-01; former_category MALWARE sits in its
# own metadata keyword and updated_at is 2019_09_28.
# Detection logic: HTTP GET, "/rpt<digit>" in the normalized URI, User-Agent not starting
# with "Mozilla", and negated http_host checks for .apple.com, .pandora.com, microsoft.com.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"Mozilla"; depth:7; http_user_agent; content:!".apple.com"; http_host; isdataat:!1,relative; content:!".pandora.com"; http_host; isdataat:!1,relative; content:!"microsoft.com"; http_host; isdataat:!1,relative; pcre:"/\/rpt\d/U"; metadata: former_category MALWARE; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:16; metadata:created_at 2010_07_30, updated_at 2019_09_28;)
Added 2019-10-01 04:22:22 UTC
# sid 2008233 rev 16 with former_category MALWARE and updated_at 2019_02_11.
# Detection logic: HTTP GET, "/rpt<digit>" in the normalized URI, User-Agent not starting
# with "Mozilla", and negated http_host checks for .apple.com, .pandora.com, microsoft.com.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"Mozilla"; depth:7; http_user_agent; content:!".apple.com"; http_host; isdataat:!1,relative; content:!".pandora.com"; http_host; isdataat:!1,relative; content:!"microsoft.com"; http_host; isdataat:!1,relative; pcre:"/\/rpt\d/U"; metadata: former_category MALWARE; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:16; metadata:created_at 2010_07_30, updated_at 2019_02_11;)
Added 2019-09-26 19:56:12 UTC
# sid 2008233 rev 16 as first recorded on this page (former_category TROJAN).
# Compared with the rev 15 text on this page, the exclusions move from the http_header
# buffer to dedicated buffers: User-Agent prefix via http_user_agent with depth:7, host
# suffixes via http_host with isdataat:!1,relative, and microsoft.com is added.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"Mozilla"; depth:7; http_user_agent; content:!".apple.com"; http_host; isdataat:!1,relative; content:!".pandora.com"; http_host; isdataat:!1,relative; content:!"microsoft.com"; http_host; isdataat:!1,relative; pcre:"/\/rpt\d/U"; metadata: former_category TROJAN; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:16; metadata:created_at 2010_07_30, updated_at 2019_02_11;)
Added 2019-02-11 17:18:30 UTC
# sid 2008233 rev 15 with created_at/updated_at (2017_04_06) metadata.
# Exclusions are negated contents on the http_header buffer: "User-Agent: Mozilla" and
# header lines ending in .apple.com or .pandora.com (the |0d 0a| is the line terminator).
# NOTE(review): http_header is not limited to the Host header, so these negations are
# looser than a host check; any header line matching the pattern suppresses the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; metadata: former_category TROJAN; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15; metadata:created_at 2010_07_30, updated_at 2017_04_06;)
Added 2018-09-13 19:39:44 UTC
Added 2018-09-13 17:53:47 UTC
# sid 2008233 rev 15; first entry on this page to carry created_at/updated_at metadata.
# Detection logic: HTTP GET, "/rpt<digit>" in the normalized URI, with negated http_header
# contents for "User-Agent: Mozilla", ".apple.com" and ".pandora.com" at end of a header line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; metadata: former_category TROJAN; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15; metadata:created_at 2010_07_30, updated_at 2017_04_06;)
Added 2017-08-07 21:01:24 UTC
# sid 2008233 rev 15 without any metadata keyword.
# Detection logic: HTTP GET, "/rpt<digit>" in the normalized URI, with negated http_header
# contents for "User-Agent: Mozilla", ".apple.com" and ".pandora.com" at end of a header line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15;)
Added 2017-05-05 16:58:50 UTC
# sid 2008233 rev 15 with a former_category TROJAN metadata keyword and no
# created_at/updated_at fields.
# Detection logic: HTTP GET, "/rpt<digit>" in the normalized URI, with negated http_header
# contents for "User-Agent: Mozilla", ".apple.com" and ".pandora.com" at end of a header line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; metadata: former_category TROJAN; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15;)
Added 2017-05-03 17:35:06 UTC
# sid 2008233 rev 15 as first recorded: adds a negated http_header content for
# ".pandora.com|0d 0a|" to the rev 14 logic.
# NOTE(review): the GoToMyPC report on this page shows a request whose Host is an IP
# address, so a host-suffix exclusion of this kind would not cover that case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15;)
Added 2017-04-06 17:20:38 UTC
# sid 2008233 rev 14: the Apple exclusion is widened from "captive.apple.com" (rev 13) to
# any header line ending in ".apple.com"; the rest of the logic is unchanged.
# The pcre is unanchored, so "/rpt<digit>" may appear anywhere in the normalized URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:14;)
Added 2015-12-11 18:32:51 UTC
FP for GoToMyPC
GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser. It was developed by ExpertCity and launched in 1998. Citrix Systems acquired ExpertCity in 2004 and maintained the GoToMyPC brand and services. Citrix spun off the GoTo products, which were acquired by LogMeIn in early 2017.[2] There are three versions: "Personal", "Pro", and "Corporate".
GET /log?M=14932414&iv=0&body=T%3d2017-03-20+16%3a...................................................................................................data..........................................................b3xEeSITr5JDpLaTI/rpt3L8bc9N+bgKqAW+L................data........== HTTP/1.1
Host: 66.151.158.177
HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 15
S=OK&E=default
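Please consider modifying the rule. In the request above, the "/rpt3" that satisfies the rule's "/rpt" content and "/rpt\d" pcre sits inside the encoded body parameter of the query string, not in the URI path, and the request as shown has no User-Agent header.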
Thank you.
Regards
--
MaksymParpaley - 2017-03-21
# sid 2008233 rev 13: first entry on this page written as "alert http ... any" instead of
# "alert tcp ... $HTTP_PORTS", and the first with a host-based exclusion: a negated
# http_header content for "captive.apple.com|0d 0a|".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!"captive.apple.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:13;)
Added 2015-12-08 18:09:33 UTC
# sid 2008233 rev 11: TCP rule limited to $HTTP_PORTS. Adds nocase to the "GET" method
# match; the only exclusion is a negated http_header content for "User-Agent: Mozilla".
# HTTP on a port outside $HTTP_PORTS is not inspected by this form of the rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:11;)
Added 2012-03-16 17:31:45 UTC
# sid 2008233 rev 10 with reference placed before classtype; "GET" is matched
# case-sensitively in http_method (no nocase in this revision).
# Matches "/rpt<digit>" anywhere in the normalized URI unless the headers contain
# "User-Agent: Mozilla".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:10;)
Added 2011-10-12 19:24:42 UTC
# sid 2008233 rev 10 as first recorded: the "^" anchor present in the rev 9 pcre is gone,
# so "/rpt<digit>" no longer has to start the normalized URI, and the cvsweb reference
# is dropped.
# NOTE(review): removing the anchor widens the match to query strings; the GoToMyPC
# request reported on this page begins with "/log" and matches only because of that.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; pcre:"/\/rpt\d/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; sid:2008233; rev:10;)
Added 2011-09-14 22:38:10 UTC
# sid 2008233 rev 9: rewritten with the http_method / http_uri / http_header content
# modifiers in place of the raw "GET " content and uricontent used by rev 5.
# The pcre is anchored ("^") with /U, so the normalized URI must begin with "/rpt<digit>".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; pcre:"/^\/rpt\d/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:9;)
Added 2011-02-04 17:27:20 UTC
# sid 2008233 rev 5: "GET " must be the first four payload bytes (depth:4), the URI must
# contain "/rpt" (uricontent), and the payload must not contain CRLF + "User-Agent: Mozilla".
# Relative to rev 4 the negated content gains the leading |0d 0a| and the pcre gains the
# "^" anchor and /U modifier, requiring the normalized URI to begin with "/rpt<digit>".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"|0d 0a|User-Agent\: Mozilla"; pcre:"/^\/rpt\d/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:5;)
Added 2009-04-23 17:00:35 UTC
# sid 2008233 rev 5, listed a second time with the same "Added" timestamp (2009-04-23).
# Logic: payload starts with "GET ", URI contains "/rpt", no CRLF + "User-Agent: Mozilla"
# in the payload, and the normalized URI begins with "/rpt<digit>" (anchored pcre, /U).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"|0d 0a|User-Agent\: Mozilla"; pcre:"/^\/rpt\d/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:5;)
Added 2009-04-23 17:00:35 UTC
# sid 2008233 rev 4: same detection options as rev 3 with two reference URLs added.
# The pcre has no /U modifier here, so it is not tied to the normalized URI buffer, and
# the negated "User-Agent: Mozilla" content has no leading CRLF.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; pcre:"/\/rpt\d/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:4;)
Added 2009-02-12 18:21:16 UTC
# sid 2008233 rev 4, listed a second time with the same "Added" timestamp (2009-02-12).
# Logic: payload starts with "GET ", URI contains "/rpt", payload lacks
# "User-Agent: Mozilla", and the pcre (no /U modifier) finds "/rpt<digit>".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; pcre:"/\/rpt\d/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:4;)
Added 2009-02-12 18:21:16 UTC
# sid 2008233 rev 3: adds pcre "/\/rpt\d/" to the rev 2 logic, so "/rpt" must be followed
# by a digit. The rule carries no reference keyword in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; pcre:"/\/rpt\d/"; classtype:trojan-activity; sid:2008233; rev:3;)
Added 2008-09-13 14:30:21 UTC
# sid 2008233 rev 3, listed a second time with the same "Added" timestamp (2008-09-13).
# Logic: payload starts with "GET ", URI contains "/rpt", payload lacks
# "User-Agent: Mozilla", and the pcre finds "/rpt<digit>".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; pcre:"/\/rpt\d/"; classtype:trojan-activity; sid:2008233; rev:3;)
Added 2008-09-13 14:30:21 UTC
# sid 2008233 rev 2: replaces the rev 1 URI patterns ("/tj/" and "d2W0eYCqAE") with a
# single uricontent "/rpt". There is no pcre yet, so any GET whose URI contains "/rpt"
# and whose payload lacks "User-Agent: Mozilla" matches.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; classtype:trojan-activity; sid:2008233; rev:2;)
Added 2008-08-28 09:30:22 UTC
# sid 2008233 rev 2, listed a second time with the same "Added" timestamp (2008-08-28).
# Logic: payload starts with "GET ", URI contains "/rpt", and the payload does not
# contain "User-Agent: Mozilla".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; classtype:trojan-activity; sid:2008233; rev:2;)
Added 2008-08-28 09:30:22 UTC
# sid 2008233 rev 1, the oldest entry on this page: payload starts with "GET ", the URI
# contains "/tj/" and, case-insensitively (nocase), "d2W0eYCqAE", and the payload does
# not contain CRLF + "User-Agent: Mozilla".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/tj/"; uricontent:"d2W0eYCqAE"; nocase; content:!"|0d 0a|User-Agent\: Mozilla"; classtype:trojan-activity; sid:2008233; rev:1;)
Added 2008-05-19 13:14:16 UTC