EmergingThreats> Main Web>2009525 (2019-10-11, TWikiGuest) EditAttach

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"Opera/8.81 (Windows NT 6.0|3b 20|U|3b 20|en)"; http_user_agent; depth:34; isdataat:!1,relative; metadata: former_category USER_AGENTS; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:8; metadata:created_at 2010_07_30, updated_at 2019_10_11;)

Added 2019-10-11 19:56:30 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; metadata: former_category TROJAN; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:7; metadata:created_at 2010_07_30, updated_at 2019_09_26;)

Added 2019-09-26 19:56:27 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; metadata: former_category TROJAN; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:6; metadata:created_at 2010_07_30, updated_at 2017_10_30;)

Added 2018-09-13 19:40:41 UTC

Added 2018-09-13 17:54:19 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; metadata: former_category TROJAN; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:6; metadata:created_at 2010_07_30, updated_at 2017_10_30;)

Added 2017-10-30 18:17:36 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; metadata: former_category TROJAN; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:6; metadata:created_at 2010_07_30, updated_at 2017_10_30;)

Added 2017-10-30 16:39:45 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:40 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:5;)

Added 2011-10-12 19:27:37 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; classtype:trojan-activity; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; sid:2009525; rev:5;)

Added 2011-09-14 22:40:55 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; classtype:trojan-activity; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Sality; sid:2009525; rev:5;)

Added 2011-02-04 17:28:52 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET "; depth:5; content:"|0d0a|User-Agent\: Opera/8.81 (Windows NT 6.0\; U\; en)|0d0a|"; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Sality; sid:2009525; rev:2;)

Added 2009-07-09 18:45:36 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET "; depth:5; content:"|0d0a|User-Agent\: Opera/8.81 (Windows NT 6.0\; U\; en)|0d0a|"; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Sality; sid:2009525; rev:2;)

Added 2009-07-09 18:45:36 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET "; depth:5; content:"|0d0a|User-Agent\: Opera/8.81 (Windows NT 6.0\; U\; en)|0d0a|"; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; classtype:trojan-activity; sid:2009525; rev:1;)

Added 2009-07-09 13:37:47 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2019-10-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats