# ET TROJAN Win32/Urausy.C Checkin 3 (sid 2016809, rev 6): HTTP check-in signature.
# Alerts on an established client-to-server GET from $HOME_NET to $EXTERNAL_NET (any port) when all hold:
#   - urilen:>80, and ".php" ends the URI (isdataat:!1,relative: no byte follows the match);
#   - pcre with /U: the URI ends in "/" + 75 or more characters from a-z, "-" or "_" + ".php";
#   - the User-Agent contains "Mozilla/5.0 (compatible; MSIE " (this content is also the fast_pattern);
#   - in the http_header_names buffer, "|0d 0a|User-Agent|0d 0a|" (14 bytes) matches within depth:14,
#     i.e. User-Agent is the first header name, and neither "Referer" nor "Accept" appears.
# NOTE(review): content:!"Accept" is a substring test on header names, so it presumably also rejects
#   requests carrying Accept-Language or Accept-Encoding; rev 5 on this page tested "Accept|3a| " in
#   http_header, which does not match those headers. Confirm the narrowing is intended.
# NOTE(review): the match depends on header order and header absence as seen by the sensor; a forward
#   proxy upstream of the sensor that adds or reorders headers could suppress it. Confirm sensor placement.
# The reference:md5 values are presumably hashes of analysed samples, usable for host-side correlation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Urausy.C Checkin 3"; flow:to_server,established; urilen:>80; content:"GET"; http_method; content:".php"; http_uri; isdataat:!1,relative; pcre:"/\/[a-z-_]{75,}\.php$/U"; content:"Mozilla/5.0 (compatible|3b 20|MSIE|20|"; http_user_agent; fast_pattern; http_header_names; content:"|0d 0a|User-Agent|0d 0a|"; depth:14; content:!"Referer"; content:!"Accept"; reference:md5,09462f13d7e6aaa0bff2788158343829; reference:md5,b18f80d665f340af91003226a2b974b6; reference:md5,1494b8b9f42753a4bc1762d8f3287db6; classtype:trojan-activity; sid:2016809; rev:6; metadata:created_at 2013_05_01, updated_at 2019_06_14;)

Added 2019-06-14 18:21:48 UTC


# ET TROJAN Win32/Urausy.C Checkin 3 (sid 2016809, rev 5): HTTP check-in signature, "alert http" form.
# Alerts on an established client-to-server GET from $HOME_NET to $EXTERNAL_NET (any port) when all hold:
#   - urilen:>80 and the URI contains ".php" (fast_pattern:only);
#   - the http_header buffer contains neither "Referer: " nor "Accept: ";
#   - pcre with /U: the URI ends in "/" + 75 or more characters from a-z, "-" or "_" + ".php";
#   - "User-Agent: Mozilla/5.0 (compatible; MSIE " (42 bytes) matches within depth:42 of http_header,
#     so the match must start at offset 0, i.e. User-Agent is the first header.
# NOTE(review): fast_pattern:only sits on the 4-byte ".php", a short and common string, so the prefilter
#   presumably selects this rule for much benign traffic; rev 6 on this page moves fast_pattern to the
#   User-Agent content.
# NOTE(review): the match depends on header order and header absence as seen by the sensor; confirm that
#   no upstream proxy adds or reorders request headers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Urausy.C Checkin 3"; flow:to_server,established; urilen:>80; content:"GET"; http_method; content:".php"; http_uri; fast_pattern:only; content:!"Referer|3a| "; http_header; content:!"Accept|3a| "; http_header; pcre:"/\/[a-z-_]{75,}\.php$/U"; content:"User-Agent|3a 20|Mozilla/5.0 (compatible|3b| MSIE "; depth:42; http_header; reference:md5,09462f13d7e6aaa0bff2788158343829; reference:md5,b18f80d665f340af91003226a2b974b6; reference:md5,1494b8b9f42753a4bc1762d8f3287db6; classtype:trojan-activity; sid:2016809; rev:5; metadata:created_at 2013_05_01, updated_at 2013_05_01;)

Added 2018-09-13 19:46:52 UTC


Added 2018-09-13 17:57:35 UTC


# ET TROJAN Win32/Urausy.C Checkin 3 (sid 2016809, rev 5): HTTP check-in signature, "alert http" form.
# The 2013-05-01 entry on this page carries the same sid and rev but uses "alert tcp ... $HTTP_PORTS"
# and no metadata, so sid:rev alone does not identify the exact rule text deployed.
# Match conditions, all required, on an established client-to-server GET:
#   - urilen:>80 and the URI contains ".php" (fast_pattern:only);
#   - the http_header buffer contains neither "Referer: " nor "Accept: ";
#   - pcre with /U: the URI ends in "/" + 75 or more characters from a-z, "-" or "_" + ".php";
#   - "User-Agent: Mozilla/5.0 (compatible; MSIE " (42 bytes) matches within depth:42 of http_header,
#     so User-Agent must be the first header.
# NOTE(review): fast_pattern:only on the 4-byte ".php" is presumably a weak prefilter; verify the
#   performance impact on busy sensors.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Urausy.C Checkin 3"; flow:to_server,established; urilen:>80; content:"GET"; http_method; content:".php"; http_uri; fast_pattern:only; content:!"Referer|3a| "; http_header; content:!"Accept|3a| "; http_header; pcre:"/\/[a-z-_]{75,}\.php$/U"; content:"User-Agent|3a 20|Mozilla/5.0 (compatible|3b| MSIE "; depth:42; http_header; reference:md5,09462f13d7e6aaa0bff2788158343829; reference:md5,b18f80d665f340af91003226a2b974b6; reference:md5,1494b8b9f42753a4bc1762d8f3287db6; classtype:trojan-activity; sid:2016809; rev:5; metadata:created_at 2013_05_01, updated_at 2013_05_01;)

Added 2017-08-07 21:10:37 UTC


# ET TROJAN Win32/Urausy.C Checkin 3 (sid 2016809, rev 5): HTTP check-in signature, "alert tcp" form.
# The header restricts inspection to destination ports in $HTTP_PORTS, so the same request sent to
# a port outside that variable is not evaluated by this version; the later entries on this page use
# "alert http ... any" instead.
# Match conditions, all required, on an established client-to-server GET:
#   - urilen:>80 and the URI contains ".php" (fast_pattern:only);
#   - the http_header buffer contains neither "Referer: " nor "Accept: ";
#   - pcre with /U: the URI ends in "/" + 75 or more characters from a-z, "-" or "_" + ".php";
#   - "User-Agent: Mozilla/5.0 (compatible; MSIE " (42 bytes) matches within depth:42 of http_header,
#     so User-Agent must be the first header.
# NOTE(review): coverage depends on how $HTTP_PORTS is defined locally; confirm that it lists the
#   ports your egress policy actually permits.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Urausy.C Checkin 3"; flow:to_server,established; urilen:>80; content:"GET"; http_method; content:".php"; http_uri; fast_pattern:only; content:!"Referer|3a| "; http_header; content:!"Accept|3a| "; http_header; pcre:"/\/[a-z-_]{75,}\.php$/U"; content:"User-Agent|3a 20|Mozilla/5.0 (compatible|3b| MSIE "; depth:42; http_header; reference:md5,09462f13d7e6aaa0bff2788158343829; reference:md5,b18f80d665f340af91003226a2b974b6; reference:md5,1494b8b9f42753a4bc1762d8f3287db6; classtype:trojan-activity; sid:2016809; rev:5;)

Added 2013-05-01 20:48:21 UTC

