alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC? Beacon"; flow:established,to_server; content:"/features/fetch/header/"; http_uri; content:!"User-Agent|3A|"; http_header; content:!"Content-"; http_header; content:!"Accept-"; http_header; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B; classtype:trojan-activity; sid:2016536; rev:2; metadata:attack_target Client_Endpoint, created_at 2013_03_04, deployment Perimeter, former_category MALWARE, signature_severity Major, tag c2, updated_at 2020_04_23, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

Added 2021-06-18 18:19:13 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC? Beacon"; flow:established,to_server; content:"/features/fetch/header/"; http_uri; content:!"User-Agent|3A|"; http_header; content:!"Content-"; http_header; content:!"Accept-"; http_header; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B; classtype:trojan-activity; sid:2016536; rev:2; metadata:created_at 2013_03_04, former_category MALWARE, updated_at 2020_04_23;)

Added 2020-08-05 19:08:55 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC? Beacon"; flow:established,to_server; content:"/features/fetch/header/"; http_uri; content:!"User-Agent|3A|"; http_header; content:!"Content-"; http_header; content:!"Accept-"; http_header; metadata: former_category MALWARE; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B; classtype:trojan-activity; sid:2016536; rev:2; metadata:created_at 2013_03_04, updated_at 2020_04_23;)

Added 2020-04-24 18:20:27 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC? Beacon"; flow:established,to_server; content:"/features/fetch/header/"; http_uri; content:!"User-Agent|3A|"; http_header; content:!"Content-"; http_header; content:!"Accept-"; http_header; metadata: former_category MALWARE; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B; classtype:trojan-activity; sid:2016536; rev:2; metadata:created_at 2013_03_04, updated_at 2013_03_04;)

Added 2019-09-19 19:25:55 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC? Beacon"; flow:established,to_server; content:"/features/fetch/header/"; http_uri; content:!"User-Agent|3A|"; http_header; content:!"Content-"; http_header; content:!"Accept-"; http_header; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B; classtype:trojan-activity; sid:2016536; rev:2; metadata:created_at 2013_03_04, updated_at 2013_03_04;)

Added 2018-09-13 19:46:31 UTC


Added 2018-09-13 17:57:24 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC? Beacon"; flow:established,to_server; content:"/features/fetch/header/"; http_uri; content:!"User-Agent|3A|"; http_header; content:!"Content-"; http_header; content:!"Accept-"; http_header; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B; classtype:trojan-activity; sid:2016536; rev:2; metadata:created_at 2013_03_04, updated_at 2013_03_04;)

Added 2017-08-07 21:10:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC? Beacon"; flow:established,to_server; content:"/features/fetch/header/"; http_uri; content:!"User-Agent|3A|"; http_header; content:!"Content-"; http_header; content:!"Accept-"; http_header; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B; classtype:trojan-activity; sid:2016536; rev:1;)

Added 2013-03-04 21:43:03 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Unknown Exploit KIt seen with O1/O2.class /search"; flow:established,to_server; content:"/L"; http_uri; depth:2; content:"/form|0d 0a|"; http_header; fast_pattern:only; pcre:"/^\/L[a-zA-Z0-9]+\/[a-zA-Z0-9\x5f]+\?[a-z]+=[A-Za-z0-9\x2e]{10,}$/Um"; classtype:trojan-activity; sid:2015647; rev:2;)

Added 2012-08-20 18:42:02 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Backdoor.Briba Checkin"; flow:to_server,established; content:"POST"; nocase; http_method; content:"loginmid="; http_client_body; content:"nickid="; http_client_body; reference:url,labs.alienvault.com/labs/index.php/2012/cve-2012-1535-adobe-flash-being-exploited-in-the-wild/; classtype:trojan-activity; sid:2016536; rev:1;)

Added 2012-08-16 16:40:02 UTC


Topic revision: r1 - 2021-06-18 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats