# sid 2016559, rev 15 -- snapshot with updated_at 2021_06_23 (newest entry on this page).
# The leading '#' leaves the rule commented out and the msg carries the "ET DELETED" prefix,
# so this entry is rule history rather than an active detection.
# Match logic: client-to-server HTTP on an established flow from $HOME_NET to $EXTERNAL_NET.
# The normalized URI must contain "/get" and ".jpg" and satisfy the pcre: a /white/, /world/
# or /step/ directory, then "get", one or more 'a' or one or more 'n', then ".jpg".
# The pcre has no '$' anchor, so the pattern may sit anywhere in the URI.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; classtype:trojan-activity; sid:2016559; rev:15; metadata:created_at 2013_03_08, former_category EXPLOIT_KIT, updated_at 2021_06_23;)

Added 2021-06-23 19:31:50 UTC


# sid 2016559, rev 15 -- snapshot with updated_at 2020_09_29. Still commented out ("ET DELETED").
# Detection options match the other rev 15 entries on this page; only the metadata differs.
# rev stays at 15 across these metadata-only changes, so compare updated_at (not rev) to tell
# the snapshots apart.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; classtype:trojan-activity; sid:2016559; rev:15; metadata:created_at 2013_03_08, former_category EXPLOIT_KIT, updated_at 2020_09_29;)

Added 2020-09-29 18:42:01 UTC


# sid 2016559, rev 15 -- snapshot with updated_at 2019_10_07. Still commented out ("ET DELETED").
# created_at, former_category and updated_at are all carried in a single metadata keyword here.
# Detection options (flow, the two http_uri contents, pcre) are the same as in the other rev 15
# entries on this page.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; classtype:trojan-activity; sid:2016559; rev:15; metadata:created_at 2013_03_08, former_category EXPLOIT_KIT, updated_at 2019_10_07;)

Added 2020-08-05 19:08:56 UTC


# sid 2016559, rev 15 -- snapshot with updated_at 2019_10_07. Still commented out ("ET DELETED").
# NOTE(review): this entry has two separate metadata keywords -- "former_category EXPLOIT_KIT"
# before classtype and "created_at/updated_at" at the end. Tooling that keeps only one metadata
# option per rule may lose one of them -- confirm how your parser handles repeated keywords.
# Detection options are the same as in the other rev 15 entries on this page.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2016559; rev:15; metadata:created_at 2013_03_08, updated_at 2019_10_07;)

Added 2019-10-08 19:34:09 UTC


# sid 2016559, rev 15 -- snapshot where former_category EXPLOIT_KIT first appears on this page.
# It is given in its own metadata keyword, and created_at/updated_at (both 2013_03_08) sit in a
# second one. The rule is commented out ("ET DELETED"); detection options match the other
# rev 15 entries on this page.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2016559; rev:15; metadata:created_at 2013_03_08, updated_at 2013_03_08;)

Added 2019-09-26 19:57:21 UTC


# sid 2016559, rev 15 -- snapshot with created_at and updated_at both 2013_03_08 and no
# former_category. The rule is commented out ("ET DELETED"); detection options match the other
# rev 15 entries on this page.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; classtype:trojan-activity; sid:2016559; rev:15; metadata:created_at 2013_03_08, updated_at 2013_03_08;)

Added 2018-09-13 19:46:33 UTC


Added 2018-09-13 17:57:25 UTC


# sid 2016559, rev 15 -- first snapshot on this page that carries a metadata keyword
# (created_at/updated_at, both 2013_03_08). The rule is commented out ("ET DELETED");
# detection options match the other rev 15 entries on this page.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; classtype:trojan-activity; sid:2016559; rev:15;  metadata:created_at 2013_03_08, updated_at 2013_03_08;)

Added 2017-08-07 21:10:18 UTC


# sid 2016559, rev 15 -- earliest rev 15 entry on this page; no metadata keyword yet.
# Already commented out, with the msg category changed from "ET CURRENT_EVENTS" to "ET DELETED".
# The header is "alert http ... any" (app-layer protocol match, any destination port) instead of
# the earlier "alert tcp ... $HTTP_PORTS".
# Compared with rev 13, the /white/, /world/ or /step/ directory constraint is back in the pcre,
# and the negated Referer check and the trailing '$' anchor are gone.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; classtype:trojan-activity; sid:2016559; rev:15;)

Added 2015-01-26 17:20:08 UTC


# sid 2016559, rev 13 -- active rule (not commented out), category "ET CURRENT_EVENTS".
# Outbound TCP to $HTTP_PORTS, client-to-server on an established flow.
# The URI must contain "/get" and ".jpg", and the request headers must NOT contain "Referer: "
# (|3a| is the colon). The pcre requires the normalized URI to end in /get<a...|n...>.jpg.
# NOTE(review): unlike rev 12, the pcre has no directory constraint, so any Referer-less request
# for a file named geta.jpg, getnn.jpg, etc. on any path matches -- expect more false positives.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; content:!"Referer|3a| "; http_header; pcre:"/\/get(?:a+|n+)\.jpg$/U"; classtype:trojan-activity; sid:2016559; rev:13;)

Added 2013-06-05 22:27:49 UTC


# sid 2016559, rev 12 -- active rule, category "ET CURRENT_EVENTS".
# Outbound TCP to $HTTP_PORTS, client-to-server on an established flow.
# Compared with rev 8: the " Java/1." header check is dropped; the fixed "/getnn.jpg" content is
# split into "/get" and ".jpg"; the pcre accepts a /step/ directory as well as /white/ and
# /world/, accepts get + (one or more 'a' | one or more 'n'), and loses the '$' end anchor.
# With no header condition left, the match depends on the URI alone.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CoolEK? Payload Download (7)"; flow:established,to_server; content:"/get"; http_uri; fast_pattern:only; content:".jpg"; http_uri; pcre:"/\/(?:w(?:hite|orld)|step)\/get(?:a+|n+)\.jpg/U"; classtype:trojan-activity; sid:2016559; rev:12;)

Added 2013-04-08 22:12:51 UTC


# sid 2016559, rev 8 -- active rule; same rule text as the other rev 8 entry on this page.
# The URI must contain "/getnn.jpg" (nocase) and the headers must contain " Java/1."
# (presumably the Java runtime's User-Agent; the content is not tied to a specific header).
# The pcre requires the normalized URI to end in /white/getnn.jpg or /world/getnn.jpg.
# NOTE(review): the content is nocase but the pcre has no /i flag, so the effective match is
# case-sensitive; nocase only affects the prefilter step.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CoolEK? Payload Download (7)"; flow:established,to_server; content:"/getnn.jpg"; http_uri; nocase; fast_pattern:only; content:" Java/1."; http_header; pcre:"/\/w(?:hite|orld)\/getnn\.jpg$/U"; classtype:trojan-activity; sid:2016559; rev:8;)

Added 2013-03-28 23:46:23 UTC


# sid 2016559, rev 8 -- first rev 8 entry on this page (Added 2013-03-28 18:53:43 UTC).
# Compared with rev 7, the fixed "/world/getnn.jpg" content becomes "/getnn.jpg" plus a pcre
# that accepts either a /white/ or a /world/ directory and anchors the match at the end of the
# normalized URI. The " Java/1." header condition is retained.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CoolEK? Payload Download (7)"; flow:established,to_server; content:"/getnn.jpg"; http_uri; nocase; fast_pattern:only; content:" Java/1."; http_header; pcre:"/\/w(?:hite|orld)\/getnn\.jpg$/U"; classtype:trojan-activity; sid:2016559; rev:8;)

Added 2013-03-28 18:53:43 UTC


# sid 2016559, rev 7 -- oldest entry on this page (Added 2013-03-08 18:07:42 UTC).
# Outbound TCP to $HTTP_PORTS, client-to-server on an established flow.
# Two conditions, no pcre: the URI contains "/world/getnn.jpg" (case-insensitive) and the request
# headers contain " Java/1." (presumably the Java runtime's User-Agent -- confirm).
# This is a single fixed path, so any change to the directory or file name falls outside the rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CoolEK? Payload Download (7)"; flow:established,to_server; content:"/world/getnn.jpg"; http_uri; nocase; fast_pattern:only; content:" Java/1."; http_header; classtype:trojan-activity; sid:2016559; rev:7;)

Added 2013-03-08 18:07:42 UTC

