# sid:2013797 rev:6: alerts on an established client-to-server HTTP request from
# $HOME_NET to $EXTERNAL_NET (any port) whose URI buffer contains "/LogProc.php?",
# "mac=", "mode=" and "&pCode=".
# None of the four content matches carries nocase, distance or within, so they are
# case-sensitive and may occur in any order inside the URI.
# "/LogProc.php?" is the designated fast_pattern; the sample hash is cited with the
# md5 reference type.
# NOTE(review): the mac= parameter suggests the client sends a host identifier in the
# check-in; confirm against a capture before relying on it for host attribution.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; reference:md5,2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:6; metadata:created_at 2011_10_24, former_category ADWARE_PUP, updated_at 2020_10_12;)

Added 2021-09-13 18:07:02 UTC


# sid:2013797 rev:6: same four case-sensitive http_uri content matches
# ("/LogProc.php?" as fast_pattern, then "mac=", "mode=", "&pCode=") on outbound
# HTTP over any port. Here the sample hash is cited through a threatexpert.com
# report URL rather than an md5 reference; metadata carries updated_at 2020_10_12.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:6; metadata:created_at 2011_10_24, former_category ADWARE_PUP, updated_at 2020_10_12;)

Added 2020-10-12 18:29:47 UTC


# sid:2013797 rev:6 with updated_at 2019_10_07: the match options are the four
# case-sensitive http_uri contents on outbound HTTP; former_category ADWARE_PUP is
# carried inside the single metadata keyword alongside the created_at/updated_at tags.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:6; metadata:created_at 2011_10_24, former_category ADWARE_PUP, updated_at 2019_10_07;)

Added 2020-08-05 19:07:42 UTC


# sid:2013797 rev:6: the fast_pattern on "/LogProc.php?" is written without the
# ":only" argument. The rule carries two separate metadata keywords, one for
# former_category ADWARE_PUP and one for the created_at/updated_at tags.
# The detection itself is the four case-sensitive, order-independent http_uri contents.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; metadata: former_category ADWARE_PUP; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:6; metadata:created_at 2011_10_24, updated_at 2019_10_07;)

Added 2019-10-08 19:34:08 UTC


# sid:2013797 rev:5: "/LogProc.php?" is marked fast_pattern:only; the other three
# contents ("mac=", "mode=", "&pCode=") are plain case-sensitive http_uri matches.
# former_category is ADWARE_PUP; updated_at still equals created_at (2011_10_24).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern:only; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; metadata: former_category ADWARE_PUP; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:5; metadata:created_at 2011_10_24, updated_at 2011_10_24;)

Added 2019-09-26 19:56:59 UTC


# sid:2013797 rev:5 with former_category MALWARE. The match options are the
# fast_pattern:only "/LogProc.php?" content plus "mac=", "mode=" and "&pCode=",
# all evaluated case-sensitively against the HTTP URI.
# NOTE(review): this page also lists rev:5 with former_category ADWARE_PUP, so the
# category tag changed without a rev bump; compare rule text, not only sid/rev,
# when diffing rule sets.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern:only; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; metadata: former_category MALWARE; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:5; metadata:created_at 2011_10_24, updated_at 2011_10_24;)

Added 2019-08-15 20:33:13 UTC


# sid:2013797 rev:4, "alert http" form: protocol-based HTTP detection from
# $HOME_NET to $EXTERNAL_NET on any port. No former_category tag is present;
# metadata holds only created_at and updated_at.
# Matches a URI containing "/LogProc.php?" (fast_pattern:only), "mac=", "mode="
# and "&pCode=", case-sensitively and in any order.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern:only; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:4; metadata:created_at 2011_10_24, updated_at 2011_10_24;)

Added 2018-09-13 19:43:45 UTC


Added 2018-09-13 17:55:56 UTC


# sid:2013797 rev:4 using the http protocol keyword with "any" destination port,
# so the check-in is matched wherever the engine identifies HTTP rather than only
# on a configured port list. Detection is the four case-sensitive http_uri contents.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern:only; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:4; metadata:created_at 2011_10_24, updated_at 2011_10_24;)

Added 2017-08-07 21:07:04 UTC


# sid:2013797 rev:4, "alert tcp" form: inspection is limited to destination ports
# in $HTTP_PORTS, so a check-in sent to a port outside that variable is not
# evaluated by this form. No metadata keyword is present.
# URI matching is the same four case-sensitive contents, with "/LogProc.php?" as
# fast_pattern:only.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Win32/Adware.Winggo.AB Checkin"; flow:established,to_server; content:"/LogProc.php?"; fast_pattern:only; http_uri; content:"mac="; http_uri; content:"mode="; http_uri; content:"&pCode="; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:4;)

Added 2012-10-11 22:12:14 UTC


# sid:2013797 rev:2, published under the "ET TROJAN Win32.PEx.Delphi.307674628" name.
# Requires the GET method (matched with nocase) and a URI containing
# "/LogProc.php?mac=", "&mode=" and "&pCode=", all with nocase.
# Because the first content is "/LogProc.php?mac=", mac must be the first query
# parameter for this form to fire. No fast_pattern is designated.
# Destination is restricted to $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.PEx.Delphi.307674628 Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/LogProc.php?mac="; nocase; http_uri; content:"&mode="; nocase; http_uri; content:"&pCode="; nocase; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:2;)

Added 2012-03-21 18:10:06 UTC


# sid:2013797 rev:1: the http_method content "GET" has no nocase, while the three
# http_uri contents ("/LogProc.php?mac=", "&mode=", "&pCode=") are matched with nocase.
# Scope is established client-to-server traffic from $HOME_NET to $EXTERNAL_NET
# on $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.PEx.Delphi.307674628 Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/LogProc.php?mac="; nocase; http_uri; content:"&mode="; nocase; http_uri; content:"&pCode="; nocase; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163; reference:url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628; classtype:trojan-activity; sid:2013797; rev:1;)

Added 2011-10-24 14:48:54 UTC

