alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"Mozilla"; depth:7; http_user_agent; content:!".apple.com"; http_host; isdataat:!1,relative; content:!".pandora.com"; http_host; isdataat:!1,relative; content:!"microsoft.com"; http_host; isdataat:!1,relative; pcre:"/\/rpt\d/U"; metadata: former_category TROJAN; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:16; metadata:created_at 2010_07_30, updated_at 2019_02_11;) Added 2019-02-11 17:18:30 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; metadata: former_category TROJAN; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15; metadata:created_at 2010_07_30, updated_at 2017_04_06;) Added 2018-09-13 19:39:44 UTC
Added 2018-09-13 17:53:47 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; metadata: former_category TROJAN; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15; metadata:created_at 2010_07_30, updated_at 2017_04_06;) Added 2017-08-07 21:01:24 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15;) Added 2017-05-05 16:58:50 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; metadata: former_category TROJAN; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15;) Added 2017-05-03 17:35:06 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; content:!".pandora.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:15;) Added 2017-04-06 17:20:38 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!".apple.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:14;) Added 2015-12-11 18:32:51 UTC FP for GoTOMyPC? GoToMyPC? is remote desktop software that allows users to access computers remotely using a web browser. It was developed by ExpertCity? and launched in 1998. Citrix Systems acquired ExpertCity? in 2004 and maintained the GoToMyPC? brand and services. Citrix spun off the GoTo? products, which were acquired by LogMeIn? in early 2017.[2] There are three versions: "Personal", "Pro", and "Corporate". GET /log?M=14932414&iv=0&body=T%3d2017-03-20+16%3a...................................................................................................data..........................................................b3xEeSITr5JDpLaTI/rpt3L8bc9N+bgKqAW+L................data........== HTTP/1.1 Host: 66.151.158.177 HTTP/1.0 200 OK Content-Type: text/plain Content-Length: 15 S=OK&E=default Please consider rule modification Thank you. Regards -- MaksymParpaley - 2017-03-21
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; content:!"captive.apple.com|0d 0a|"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:13;) Added 2015-12-08 18:09:33 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:11;) Added 2012-03-16 17:31:45 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; pcre:"/\/rpt\d/U"; reference:url,doc.emergingthreats.net/2008233; classtype:trojan-activity; sid:2008233; rev:10;) Added 2011-10-12 19:24:42 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; pcre:"/\/rpt\d/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; sid:2008233; rev:10;) Added 2011-09-14 22:38:10 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET"; http_method; content:"/rpt"; http_uri; content:!"User-Agent|3a| Mozilla"; http_header; pcre:"/^\/rpt\d/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:9;) Added 2011-02-04 17:27:20 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"|0d 0a|User-Agent\: Mozilla"; pcre:"/^\/rpt\d/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:5;) Added 2009-04-23 17:00:35 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"|0d 0a|User-Agent\: Mozilla"; pcre:"/^\/rpt\d/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:5;) Added 2009-04-23 17:00:35 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; pcre:"/\/rpt\d/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:4;) Added 2009-02-12 18:21:16 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; pcre:"/\/rpt\d/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008233; rev:4;) Added 2009-02-12 18:21:16 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; pcre:"/\/rpt\d/"; classtype:trojan-activity; sid:2008233; rev:3;) Added 2008-09-13 14:30:21 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; pcre:"/\/rpt\d/"; classtype:trojan-activity; sid:2008233; rev:3;) Added 2008-09-13 14:30:21 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; classtype:trojan-activity; sid:2008233; rev:2;) Added 2008-08-28 09:30:22 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/rpt"; content:!"User-Agent\: Mozilla"; classtype:trojan-activity; sid:2008233; rev:2;) Added 2008-08-28 09:30:22 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Common Downloader Install Report URL (farfly checkin)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/tj/"; uricontent:"d2W0eYCqAE"; nocase; content:!"|0d 0a|User-Agent\: Mozilla"; classtype:trojan-activity; sid:2008233; rev:1;) Added 2008-05-19 13:14:16 UTC
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r2 - 2017-03-21 - MaksymParpaley
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats