# sid 2016275 rev 10: HTTP-parser form of the "Xtrat.A Checkin" signature.
# Fires on an established client-to-server request from $HOME_NET to $EXTERNAL_NET when:
#   - the URI ends in ".functions" (isdataat:!1,relative allows no byte after the match),
#   - the normalized URI (pcre /U) is exactly "/<digits>.functions",
#   - the http_host buffer does not contain "microsoft.com", and
#   - "Referer" is absent from the http_header_names buffer.
# NOTE(review): the host exclusion is an unanchored substring test on a client-supplied
# value. Treat it as false-positive suppression only; the absence of an alert is not
# evidence that a "/<digits>.functions" request was benign.
# NOTE(review): created_at and updated_at both read 2011_12_12, which is earlier than every
# "Added" stamp on this page. Do not rely on the metadata dates for rule-age triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Xtrat.A Checkin"; flow:established,to_server; content:".functions"; http_uri; fast_pattern; isdataat:!1,relative; pcre:"/^\/\d+\.functions$/U"; content:!"microsoft.com"; http_host; http_header_names; content:!"Referer"; reference:url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092; classtype:trojan-activity; sid:2016275; rev:10; metadata:created_at 2011_12_12, updated_at 2011_12_12;)

Added 2018-09-13 19:46:14 UTC


Added 2018-09-13 17:57:15 UTC


# sid 2016275 rev 9 (HTTP-parser form): same check-in logic using content modifiers.
#   - ".functions" in http_uri is used only as the fast pattern (fast_pattern:only);
#     the anchored pcre on the normalized URI ("/<digits>.functions") does the actual check.
#   - The http_header buffer must not contain "Referer:".
#   - The http_header buffer must not contain "microsoft.com" followed by CRLF. This test is
#     not tied to the Host header, so any header line ending in that string suppresses the alert.
# NOTE(review): this page has two different bodies labelled rev 9 (this one and the oldest
# entry), and rev numbers do not rise with the "Added" dates. Presumably separate
# engine-specific rulesets keep their own rev counters; verify before comparing revs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Xtrat.A Checkin"; flow:established,to_server; content:".functions"; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/^\/\d+\.functions$/U"; content:!"microsoft.com|0d 0a|"; http_header; reference:url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092; classtype:trojan-activity; sid:2016275; rev:9; metadata:created_at 2011_12_12, updated_at 2011_12_12;)

Added 2017-08-07 21:09:58 UTC


# sid 2016275 rev 14 (raw-TCP form): no HTTP buffers; every match runs on the stream payload.
#   - Requires the literal ".functions HTTP/1." (fast pattern), so HTTP/1.0 and 1.1 both qualify.
#   - "Referer:" must not occur after that match (distance:0).
#   - The pcre is anchored at the payload start and needs "/<digits>.functions HTTP/1." on the
#     first line. "[^\r\n]+" admits any method and path prefix, so this is looser than the
#     HTTP-parser forms, which require the whole URI to be "/<digits>.functions".
#   - The payload must not contain the exact bytes "Host: microsoft.com" plus CRLF.
# NOTE(review): these are case-sensitive literals on unnormalized data (no nocase), so
# differences in header casing or spacing change which requests the negated contents exclude.
# Expect different false-positive behaviour from the alert-http variants.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Xtrat.A Checkin"; flow:established,to_server; content:".functions HTTP/1."; fast_pattern; content:!"Referer|3a|"; distance:0; pcre:"/^[^\r\n]+\/\d+\.functions HTTP\/1\./"; content:!"Host|3a| microsoft.com|0d 0a|"; reference:url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092; classtype:trojan-activity; sid:2016275; rev:14;)

Added 2014-01-27 18:12:51 UTC


# sid 2016275 rev 13 (raw-TCP form): matches one fixed request-line tail.
#   - Requires the literal "/1234567890.functions HTTP/1.1" plus CRLF anywhere in the payload.
#     The digit string is hard-coded and only HTTP/1.1 qualifies.
#   - "Host: microsoft.com" plus CRLF must not appear after that match (distance:0).
# NOTE(review): with no digit wildcard, this revision only covers check-ins that use this
# exact resource name. Do not read historical "no hits" from this revision as proof that
# the "/<digits>.functions" pattern was absent.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Xtrat.A Checkin"; flow:established,to_server; content:"/1234567890.functions HTTP/1.1|0d 0a|"; content:!"Host|3a| microsoft.com|0d 0a|"; distance:0; reference:url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092; classtype:trojan-activity; sid:2016275; rev:13;)

Added 2013-03-19 19:05:41 UTC


# sid 2016275 rev 9 (raw-TCP form, oldest entry on this page): published under the msg
# "Win32.Refroso.dmzq Checkin" with the same sid and reference as the later Xtrat.A entries.
#   - offset:4 with depth:21 gives a 21-byte window starting at payload byte 4, and the
#     pattern is 21 bytes long, so "/1234567890.functions" must start exactly at offset 4.
#     Presumably this means directly after "GET "; a longer method name would shift the
#     URI out of the window (confirm against sample traffic).
#   - "Host: microsoft.com" plus CRLF must not appear after that match (distance:0).
# NOTE(review): when correlating old alerts, search by sid 2016275 rather than by msg text,
# since the family name in msg differs between revisions.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Refroso.dmzq Checkin"; flow:established,to_server; content:"/1234567890.functions"; depth:21; offset:4; content:!"Host|3a| microsoft.com|0d 0a|"; distance:0; reference:url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092; classtype:trojan-activity; sid:2016275; rev:9;)

Added 2013-01-24 22:58:25 UTC

