# sid:2017066 rev:8 (entry added 2021-09-13): outbound HTTP check-in signature for Win32/Comisproc.
# Fires on an established client-to-server request from $HOME_NET whose URI contains ".asp?mac="
# followed later by "&ver=" (distance:0 enforces that order), and whose User-Agent value begins
# with "Google" (nocase; depth:6 anchors the six bytes to the start of the buffer).
# The only change from the 2020-08-18 entry is the sample reference: the threatexpert.com report
# URL became reference:md5 carrying the same hash. rev is still 8, so tooling that compares
# sid/rev alone will not see this edit.
# Triage: the match rests on URI shape plus a User-Agent prefix, not on any destination. Review
# the full request (Host, URI parameters, originating process) before treating the host as infected.
# NOTE(review): the parameter names suggest the client reports a MAC address and a version; the
# page does not show a sample request, so confirm against the referenced write-ups.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Comisproc Checkin"; flow:to_server,established; content:".asp?mac="; http_uri; content:"&ver="; http_uri; distance:0; content:"Google"; nocase; http_user_agent; depth:6; reference:md5,9378ef5f2fb2e71e5eeed20f9f21d8dd; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910; reference:url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html; classtype:trojan-activity; sid:2017066; rev:8; metadata:created_at 2011_10_06, former_category MALWARE, updated_at 2020_08_17;)

Added 2021-09-13 18:07:05 UTC


# sid:2017066 rev:8 (entry added 2020-08-18). Detection keywords are identical to the 2020-08-05
# entry: URI contains ".asp?mac=" then "&ver=", and the User-Agent value starts with "Google".
# The only difference is metadata: updated_at moves from 2011_10_06 to 2020_08_17.
# rev is unchanged, so this is a bookkeeping edit and does not alter what traffic alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Comisproc Checkin"; flow:to_server,established; content:".asp?mac="; http_uri; content:"&ver="; http_uri; distance:0; content:"Google"; nocase; http_user_agent; depth:6; reference:url,threatexpert.com/report.aspx?md5=9378ef5f2fb2e71e5eeed20f9f21d8dd; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910; reference:url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html; classtype:trojan-activity; sid:2017066; rev:8; metadata:created_at 2011_10_06, former_category MALWARE, updated_at 2020_08_17;)

Added 2020-08-18 17:53:53 UTC


# sid:2017066 rev:8 (entry added 2020-08-05). Same match logic as the 2019-09-26 entry.
# "former_category MALWARE" now sits inside the single trailing metadata keyword instead of a
# separate metadata keyword placed between the content matches and the references.
# Parsers that read only one metadata keyword per rule would have seen different fields before
# and after this edit, although rev did not change.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Comisproc Checkin"; flow:to_server,established; content:".asp?mac="; http_uri; content:"&ver="; http_uri; distance:0; content:"Google"; nocase; http_user_agent; depth:6; reference:url,threatexpert.com/report.aspx?md5=9378ef5f2fb2e71e5eeed20f9f21d8dd; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910; reference:url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html; classtype:trojan-activity; sid:2017066; rev:8; metadata:created_at 2011_10_06, former_category MALWARE, updated_at 2011_10_06;)

Added 2020-08-05 19:09:08 UTC


# sid:2017066 rev:8 (entry added 2019-09-26). Match logic is unchanged from the 2018-09-13 entry.
# This version adds a second metadata keyword ("metadata: former_category MALWARE;") ahead of the
# references, so the rule carries two metadata keywords. Tooling that extracts metadata should
# merge both rather than keep only the first or the last one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Comisproc Checkin"; flow:to_server,established; content:".asp?mac="; http_uri; content:"&ver="; http_uri; distance:0; content:"Google"; nocase; http_user_agent; depth:6; metadata: former_category MALWARE; reference:url,threatexpert.com/report.aspx?md5=9378ef5f2fb2e71e5eeed20f9f21d8dd; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910; reference:url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html; classtype:trojan-activity; sid:2017066; rev:8; metadata:created_at 2011_10_06, updated_at 2011_10_06;)

Added 2019-09-26 19:57:25 UTC


# sid:2017066 rev:8 (entry added 2018-09-13): first entry on this page with the current match logic.
# Two detection changes relative to the rev:7 entry dated 2017-08-07:
#  - "&ver=" gains distance:0, so it must appear after ".asp?mac=" in the URI rather than anywhere in it.
#  - the User-Agent test moves from http_header ("User-Agent: Google", depth:20) to
#    http_user_agent ("Google", depth:6), which checks the start of the User-Agent value itself
#    and so no longer depends on where that header sits among the request headers.
# The second change widens coverage to requests that send other headers before User-Agent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Comisproc Checkin"; flow:to_server,established; content:".asp?mac="; http_uri; content:"&ver="; http_uri; distance:0; content:"Google"; nocase; http_user_agent; depth:6; reference:url,threatexpert.com/report.aspx?md5=9378ef5f2fb2e71e5eeed20f9f21d8dd; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910; reference:url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html; classtype:trojan-activity; sid:2017066; rev:8; metadata:created_at 2011_10_06, updated_at 2011_10_06;)

Added 2018-09-13 19:47:12 UTC


Added 2018-09-13 17:57:46 UTC


# sid:2017066 rev:7 (entry added 2017-08-07): first entry on this page that uses the HTTP
# application-layer protocol and buffers (alert http, http_uri, http_header) instead of raw TCP
# payload matching, with no destination-port restriction.
# Both URI strings are matched in http_uri with no relative modifier, so their order is not enforced.
# The User-Agent test is 'User-Agent: Google' (18 bytes, nocase) in http_header with depth:20, so
# the pattern has to begin within the first two bytes of the header buffer. In practice the rule
# matches only when User-Agent is the first request header.
# NOTE(review): a request carrying the same URI and User-Agent but sending another header first
# (for example Host) would not alert under this revision; confirm against a sample capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Comisproc Checkin"; flow:to_server,established; content:".asp?mac="; http_uri; content:"&ver="; http_uri; content:"User-Agent|3a| Google"; nocase; http_header; depth:20; reference:url,threatexpert.com/report.aspx?md5=9378ef5f2fb2e71e5eeed20f9f21d8dd; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910; reference:url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html; classtype:trojan-activity; sid:2017066; rev:7; metadata:created_at 2011_10_06, updated_at 2011_10_06;)

Added 2017-08-07 21:10:55 UTC


# sid:2017066 rev:9 (entry added 2013-06-25): oldest entry on this page, written against the raw
# TCP payload rather than parsed HTTP buffers.
# Scope: destination ports 1024 and above only ("1024:"), so the same request sent to a
# well-known port such as 80 is never inspected by this version.
# Match chain, each step relative to the previous one:
#  - ".asp?mac=" searched from byte 4 of the payload onward (offset:4; presumably to skip the
#    request method - TODO confirm)
#  - "&ver=" after it, then " HTTP/1." after that (both distance:0)
#  - CRLF + "User-Agent: Google" (20 bytes, nocase) with distance:1 within:20. The pattern fills
#    the whole window, so it must start exactly one byte after " HTTP/1.", i.e. right after the
#    minor-version digit, which means User-Agent has to be the first header line.
# NOTE(review): this entry carries rev:9 while the later-dated entries carry rev:7 and rev:8, so
# rev does not increase with the "Added" dates on this page. Do not use rev alone to order or
# de-duplicate these versions.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Win32/Comisproc Checkin"; flow:to_server,established; content:".asp?mac="; offset:4; content:"&ver="; distance:0; content:" HTTP/1."; distance:0; content:"|0d 0a|User-Agent|3a| Google"; nocase; distance:1; within:20; reference:url,threatexpert.com/report.aspx?md5=9378ef5f2fb2e71e5eeed20f9f21d8dd; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910; reference:url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html; classtype:trojan-activity; sid:2017066; rev:9;)

Added 2013-06-25 16:54:20 UTC

