# ET MALWARE W32/Eorezo adware beacon, sid 2016546 rev 4 — snapshot of 2021-06-18.
# Detection logic is unchanged from the 2020-08-31 rev 4 text; this snapshot only extends the metadata
# (attack_target, deployment, signature_severity, tag c2, MITRE TA0011 / T1041) without bumping rev.
# Fires on an established client->server HTTP request whose normalized URI contains
# "/cgi-bin/advert/settags?x_mode=" together with "&x_format=", "&x_pub_id=" and "&tag=", and whose
# User-Agent header contains "Mozilla/4.0 (compatible; Win32; WinHttpRequest?.5)" (|3B| is a literal ';').
# fast_pattern:8,20 hands the multi-pattern matcher the 20 bytes of the first content starting at offset 8.
# NOTE(review): inside a content keyword '?' is a literal byte, not a wildcard — confirm the "WinHttpRequest?.5"
# user-agent value is the exact string intended rather than a rendering artifact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Eorezo.Adware CnC? Beacon"; flow:established,to_server; content:"/cgi-bin/advert/settags?x_mode="; fast_pattern:8,20; http_uri; content:"&x_format="; http_uri; content:"&x_pub_id="; http_uri; content:"&tag="; http_uri; content:"Mozilla/4.0 (compatible|3B| Win32|3B| WinHttpRequest?.5)"; http_user_agent; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99; classtype:trojan-activity; sid:2016546; rev:4; metadata:attack_target Client_Endpoint, created_at 2013_03_06, deployment Perimeter, former_category ADWARE_PUP, signature_severity Major, tag c2, updated_at 2020_08_31, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

Added 2021-06-18 18:19:13 UTC


# sid 2016546 rev 4 as published 2020-08-31: same URI / User-Agent matching as the 2020-08-05 text,
# only metadata updated_at moved from 2013_03_06 to 2020_08_31 (rev not bumped for a metadata-only change).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Eorezo.Adware CnC? Beacon"; flow:established,to_server; content:"/cgi-bin/advert/settags?x_mode="; fast_pattern:8,20; http_uri; content:"&x_format="; http_uri; content:"&x_pub_id="; http_uri; content:"&tag="; http_uri; content:"Mozilla/4.0 (compatible|3B| Win32|3B| WinHttpRequest?.5)"; http_user_agent; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99; classtype:trojan-activity; sid:2016546; rev:4; metadata:created_at 2013_03_06, former_category ADWARE_PUP, updated_at 2020_08_31;)

Added 2020-08-31 18:09:20 UTC


# sid 2016546 rev 4 as published 2020-08-05: detection options identical to the 2019 texts; the two
# separate metadata keywords were folded into a single metadata list (created_at, former_category, updated_at).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Eorezo.Adware CnC? Beacon"; flow:established,to_server; content:"/cgi-bin/advert/settags?x_mode="; fast_pattern:8,20; http_uri; content:"&x_format="; http_uri; content:"&x_pub_id="; http_uri; content:"&tag="; http_uri; content:"Mozilla/4.0 (compatible|3B| Win32|3B| WinHttpRequest?.5)"; http_user_agent; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99; classtype:trojan-activity; sid:2016546; rev:4; metadata:created_at 2013_03_06, former_category ADWARE_PUP, updated_at 2013_03_06;)

Added 2020-08-05 19:08:56 UTC


# sid 2016546 rev 4 as published 2019-09-19: carries two metadata keywords, the first recording
# former_category ADWARE_PUP (the 2019-08-15 text had former_category MALWARE); matching options unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Eorezo.Adware CnC? Beacon"; flow:established,to_server; content:"/cgi-bin/advert/settags?x_mode="; fast_pattern:8,20; http_uri; content:"&x_format="; http_uri; content:"&x_pub_id="; http_uri; content:"&tag="; http_uri; content:"Mozilla/4.0 (compatible|3B| Win32|3B| WinHttpRequest?.5)"; http_user_agent; metadata: former_category ADWARE_PUP; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99; classtype:trojan-activity; sid:2016546; rev:4; metadata:created_at 2013_03_06, updated_at 2013_03_06;)

Added 2019-09-19 19:25:55 UTC


# sid 2016546 rev 3 -> rev 4 (2019-08-15): the only change from rev 3 is the added
# "metadata: former_category MALWARE" keyword; the URI and User-Agent content matches are unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Eorezo.Adware CnC? Beacon"; flow:established,to_server; content:"/cgi-bin/advert/settags?x_mode="; fast_pattern:8,20; http_uri; content:"&x_format="; http_uri; content:"&x_pub_id="; http_uri; content:"&tag="; http_uri; content:"Mozilla/4.0 (compatible|3B| Win32|3B| WinHttpRequest?.5)"; http_user_agent; metadata: former_category MALWARE; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99; classtype:trojan-activity; sid:2016546; rev:4; metadata:created_at 2013_03_06, updated_at 2013_03_06;)

Added 2019-08-15 20:33:16 UTC


# sid 2016546 rev 3 as republished 2018-09-13: byte-identical to the 2017-08-07 rev 3 text
# (alert http, http_uri contents, http_user_agent match, created_at/updated_at metadata only).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Eorezo.Adware CnC? Beacon"; flow:established,to_server; content:"/cgi-bin/advert/settags?x_mode="; fast_pattern:8,20; http_uri; content:"&x_format="; http_uri; content:"&x_pub_id="; http_uri; content:"&tag="; http_uri; content:"Mozilla/4.0 (compatible|3B| Win32|3B| WinHttpRequest?.5)"; http_user_agent; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99; classtype:trojan-activity; sid:2016546; rev:3; metadata:created_at 2013_03_06, updated_at 2013_03_06;)

Added 2018-09-13 19:46:32 UTC


Added 2018-09-13 17:57:25 UTC


# sid 2016546 rev 3 (2017-08-07): relative to rev 1 the header moved from "tcp ... $HTTP_PORTS" to the
# "http" app-layer protocol and the User-Agent match moved from a raw "User-Agent|3A| ..." http_header
# content to the dedicated http_user_agent buffer; created_at/updated_at metadata was added.
# fast_pattern:8,20 selects the 20 bytes of the first URI content starting at offset 8 for the prefilter.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Eorezo.Adware CnC? Beacon"; flow:established,to_server; content:"/cgi-bin/advert/settags?x_mode="; fast_pattern:8,20; http_uri; content:"&x_format="; http_uri; content:"&x_pub_id="; http_uri; content:"&tag="; http_uri; content:"Mozilla/4.0 (compatible|3B| Win32|3B| WinHttpRequest?.5)"; http_user_agent; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99; classtype:trojan-activity; sid:2016546; rev:3; metadata:created_at 2013_03_06, updated_at 2013_03_06;)

Added 2017-08-07 21:10:17 UTC


# sid 2016546 rev 1 (2013-03-07), the original Eorezo beacon signature: plain tcp header restricted to
# $HTTP_PORTS, four http_uri contents for the /cgi-bin/advert/settags query, and the User-Agent matched as a
# full "User-Agent|3A| ..." line in the http_header buffer (|3A| is ':', |3B| is ';'). No metadata keyword yet.
# NOTE(review): the '?' in "WinHttpRequest?.5" is a literal byte in a content match — confirm it is intended.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE W32/Eorezo.Adware CnC? Beacon"; flow:established,to_server; content:"/cgi-bin/advert/settags?x_mode="; fast_pattern:8,20; http_uri; content:"&x_format="; http_uri; content:"&x_pub_id="; http_uri; content:"&tag="; http_uri; content:"User-Agent|3A| Mozilla/4.0 (compatible|3B| Win32|3B| WinHttpRequest?.5)"; http_header; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99; classtype:trojan-activity; sid:2016546; rev:1;)

Added 2013-03-07 01:16:54 UTC


# sid 2015647 rev 2 (2012-08-20) — a different signature from the rest of this page (ET CURRENT_EVENTS,
# unknown exploit kit landing/search request), not a revision of sid 2016546.
# Requires the URI to begin with "/L" (depth:2 on the http_uri content), a "/form\r\n" line in the HTTP
# headers used as the sole fast pattern (fast_pattern:only), and a pcre over the URI buffer (/U) anchored
# with ^...$ (/m) that demands /L<alnum>+/<alnum|_>+?<key>=<10 or more [A-Za-z0-9.] chars>.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Unknown Exploit KIt seen with O1/O2.class /search"; flow:established,to_server; content:"/L"; http_uri; depth:2; content:"/form|0d 0a|"; http_header; fast_pattern:only; pcre:"/^\/L[a-zA-Z0-9]+\/[a-zA-Z0-9\x5f]+\?[a-z]+=[A-Za-z0-9\x2e]{10,}$/Um"; classtype:trojan-activity; sid:2015647; rev:2;)

Added 2012-08-20 18:42:03 UTC


# sid 2016546 rev 2 as it existed on 2012-08-17: an inbound Joomla com_g2bridge "controller=" local file
# inclusion signature. The same sid number was later assigned to the Eorezo beacon rule (2013-03-07 onward),
# so alerts on sid 2016546 from before that date refer to this web-application-attack rule instead.
# The first three contents are case-insensitive http_uri matches for index.php, option=com_g2bridge and
# controller=. NOTE(review): the final "|2e 2e 2f|" ("../") content has depth:200 but no http_uri modifier,
# so it is evaluated against the raw payload rather than the normalized URI — confirm that is intended,
# as it differs from the buffer used by the other three contents.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Joomla com_g2bridge controller parameter Local File Inclusion Attempt"; flow:established,to_server; content:"/index.php?"; nocase; http_uri; content:"option=com_g2bridge"; nocase; http_uri; content:"controller="; nocase; http_uri; content:"|2e 2e 2f|"; depth:200; reference:url,packetstormsecurity.org/files/90150/Joomla-G2Bridge-Local-File-Inclusion.html; classtype:web-application-attack; sid:2016546; rev:2;)

Added 2012-08-17 16:41:00 UTC

