alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern; http_uri; content:"Mozilla/5.0"; http_user_agent; depth:11; isdataat:!1,relative; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:3; metadata:attack_target Client_Endpoint, created_at 2013_06_03, deployment Perimeter, former_category MALWARE, signature_severity Major, tag c2, updated_at 2020_09_15, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

Added 2021-06-18 18:19:14 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern; http_uri; content:"Mozilla/5.0"; http_user_agent; depth:11; isdataat:!1,relative; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:3; metadata:created_at 2013_06_03, former_category MALWARE, updated_at 2020_09_15;)

Added 2020-09-15 18:38:39 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern; http_uri; content:"Mozilla/5.0"; http_user_agent; depth:11; isdataat:!1,relative; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:3; metadata:created_at 2013_06_03, former_category MALWARE, updated_at 2019_09_28;)

Added 2020-08-05 19:09:06 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern; http_uri; content:"Mozilla/5.0"; http_user_agent; depth:11; isdataat:!1,relative; metadata: former_category MALWARE; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:3; metadata:created_at 2013_06_03, updated_at 2019_09_28;)

Added 2019-10-01 08:28:07 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern; http_uri; content:"Mozilla/5.0"; http_user_agent; depth:11; isdataat:!1,relative; metadata: former_category MALWARE; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:3; metadata:created_at 2013_06_03, updated_at 2019_09_28;)

Added 2019-10-01 04:22:30 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern; http_uri; content:"Mozilla/5.0"; http_user_agent; depth:11; isdataat:!1,relative; metadata: former_category MALWARE; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:3; metadata:created_at 2013_06_03, updated_at 2013_06_03;)

Added 2019-09-19 19:25:56 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern; http_uri; content:"Mozilla/5.0"; http_user_agent; depth:11; isdataat:!1,relative; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:3; metadata:created_at 2013_06_03, updated_at 2013_06_03;)

Added 2018-09-13 19:47:04 UTC


Added 2018-09-13 17:57:42 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern:only; http_uri; content:"User-Agent|3A| Mozilla/5.0|0D 0A|"; http_header; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:2; metadata:created_at 2013_06_03, updated_at 2013_06_03;)

Added 2017-08-07 21:10:48 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/Symmi Remote File Injector Initial CnC? Beacon"; flow:established,to_server; content:"/ggu.php"; fast_pattern:only; http_uri; content:"User-Agent|3A| Mozilla/5.0|0D 0A|"; http_header; reference:url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html; classtype:trojan-activity; sid:2016967; rev:1;)

Added 2013-06-03 18:54:54 UTC


Topic revision: r1 - 2021-06-18 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats