# ET TROJAN Win32.Bicololo Response 2 -- sid 2016948, rev 3 (updated 2019_06_14).
# Response half of a two-stage detection: it inspects established to_client HTTP
# traffic from $EXTERNAL_NET to $HOME_NET and can only match when the flowbit
# ET.Bicololo.Request is already set on the flow (flowbits:isset).
# The rule that sets that flowbit is not shown here; if it is disabled or
# missing from the loaded ruleset, this signature can never fire.
# Match conditions:
#   - http_cookie contains "ci_session=", which is also the prefilter (fast_pattern).
#     NOTE(review): ci_session is also the default session cookie name of the
#     CodeIgniter framework, so this content is not distinctive on its own; the
#     flowbit precondition and the exact-body check carry the specificity.
#   - file_data; content:"ok"; depth:2; isdataat:!1,relative -- the response body
#     starts with "ok" and no byte follows it, i.e. the body is exactly "ok".
# The md5 reference presumably identifies the sample the rule was written from.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Bicololo Response 2"; flow:established,to_client; flowbits:isset,ET.Bicololo.Request; content:"ci_session="; http_cookie; fast_pattern; file_data; content:"ok"; depth:2; isdataat:!1,relative; reference:md5,691bd07048b09c73f0a979529a66f6e3; classtype:trojan-activity; sid:2016948; rev:3; metadata:created_at 2013_05_31, updated_at 2019_06_14;)

Added 2019-06-14 18:21:48 UTC


# ET TROJAN Win32.Bicololo Response 2 -- sid 2016948, rev 2 (as listed 2018-09-13).
# Same logic as the newer revision: established to_client HTTP traffic,
# gated on the flowbit ET.Bicololo.Request (set by a rule not shown here),
# a "ci_session=" cookie, and a response body that is exactly "ok".
# Differences in this revision:
#   - fast_pattern is attached to the two-byte content "ok", not the cookie.
#     NOTE(review): a two-byte prefilter pattern is likely to select a lot of
#     unrelated traffic for full evaluation -- confirm against engine profiling.
#   - within:2 is used on the first content after file_data, where rev 3 on
#     this page uses depth:2.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Bicololo Response 2"; flow:established,to_client; flowbits:isset,ET.Bicololo.Request; content:"ci_session="; http_cookie; file_data; content:"ok"; fast_pattern; within:2; isdataat:!1,relative; reference:md5,691bd07048b09c73f0a979529a66f6e3; classtype:trojan-activity; sid:2016948; rev:2; metadata:created_at 2013_05_31, updated_at 2013_05_31;)

Added 2018-09-13 19:47:03 UTC


Added 2018-09-13 17:57:42 UTC


# ET TROJAN Win32.Bicololo Response 2 -- sid 2016948, rev 2 (as listed 2017-08-07).
# Text is identical to the rev 2 entry listed above it on this page.
# Fires on established to_client HTTP traffic only when the flowbit
# ET.Bicololo.Request is already set on the flow; the setter rule is not
# shown here and must be enabled for this signature to be reachable.
# Requires a "ci_session=" cookie (http_cookie) and a response body (file_data)
# that is exactly "ok": content within the first 2 bytes, then
# isdataat:!1,relative asserts that no further byte follows the match.
# fast_pattern sits on the two-byte "ok" content in this revision.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Bicololo Response 2"; flow:established,to_client; flowbits:isset,ET.Bicololo.Request; content:"ci_session="; http_cookie; file_data; content:"ok"; fast_pattern; within:2; isdataat:!1,relative; reference:md5,691bd07048b09c73f0a979529a66f6e3; classtype:trojan-activity; sid:2016948; rev:2; metadata:created_at 2013_05_31, updated_at 2013_05_31;)

Added 2017-08-07 21:10:47 UTC


# ET TROJAN Win32.Bicololo Response 2 -- sid 2016948, rev 1 (added 2013-05-31).
# Original raw-TCP form of the signature: it matches on the wire bytes of the
# response instead of parsed HTTP buffers, and only for source port 80.
# Like the later revisions, it is gated on the flowbit ET.Bicololo.Request,
# which is set by a rule not shown here.
# Match conditions, in order:
#   - "\r\nSet-Cookie: ci_session=" anywhere in the stream;
#   - after it (distance:0), "\r\n\r\n2\r\nok\r\n0" -- end of headers followed by
#     what a chunked-encoded body of exactly "ok" looks like (chunk size 2,
#     data "ok", terminating 0 chunk); this content is the fast_pattern;
#   - pcre /^(\r\n)+?$/R -- relative to the previous match, only CRLF pairs may
#     remain up to the end of the inspected data.
# NOTE(review): as written this form depends on port 80, the exact header
# spelling "Set-Cookie: " and chunked transfer encoding; the later revisions on
# this page replace these with the http_cookie and file_data buffers.
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"ET TROJAN Win32.Bicololo Response 2"; flow:established,to_client; flowbits:isset,ET.Bicololo.Request; content:"|0d 0a|Set-Cookie|3a| ci_session="; content:"|0d 0a 0d 0a|2|0d 0a|ok|0d 0a|0"; fast_pattern; distance:0; pcre:"/^(\r\n)+?$/R"; reference:md5,691bd07048b09c73f0a979529a66f6e3; classtype:trojan-activity; sid:2016948; rev:1;)

Added 2013-05-31 00:02:45 UTC

