# sid 2017305, rev 3: alerts on an established client-to-server HTTP POST from $HOME_NET
# to $EXTERNAL_NET port 8080 whose request shape matches the Cridex check-in named in msg
# (sample hash in the reference keyword). All of the following must hold:
#   - URI (pcre /U, case-insensitive): exactly three segments of [a-z0-9+], each followed by "/".
#   - Header buffer begins with "Accept: */*\r\nHost: "; the content is 19 bytes and depth:19
#     pins it to the start of the buffer.
#   - pcre /H fixes the complete header sequence: Accept, Host as a dotted-quad literal with
#     ":8080", a three-digit Content-Length, Connection: Keep-Alive, Cache-Control: no-cache.
#   - Neither "Referer" nor "User-Agent: " appears in the headers.
# Coverage limits for triage: a Host given as a domain name, a Content-Length that is not
# exactly three digits, any extra or reordered header, or a destination port other than 8080
# will not alert.
# NOTE(review): every copy of this sid on this page carries rev:3, including copies whose rule
# text differs, so compare rule text rather than rev when checking what a sensor has loaded.
alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Win32/Cridex Checkin"; flow:to_server,established; content:"POST"; http_method; pcre:"/^\/([a-z0-9+]+?\/){3}$/Ui"; content:"Accept|3a| */*|0d 0a|Host|3a| "; depth:19; http_header; pcre:"/^Accept\x3a \*\/\*\r\nHost\x3a \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x3a8080\r\nContent-Length\x3a \d{3}\r\nConnection\x3a Keep-Alive\r\nCache-Control\x3a no-cache\r\n$/H"; content:!"Referer"; http_header; content:!"User-Agent|3a| "; http_header; reference:md5,94e496decf90c4ba2fb3e7113a081726; classtype:trojan-activity; sid:2017305; rev:3; metadata:created_at 2013_08_08, former_category MALWARE, updated_at 2020_11_17;)

Added 2020-11-17 18:19:11 UTC


# Earlier copy of sid 2017305 (rev 3). The match logic is the same outbound POST-to-8080
# check-in signature: three-segment URI, fixed five-header sequence with an IP-literal Host,
# no Referer, no User-Agent. The only difference from the 2020_11_17 copy on this page is
# the metadata value updated_at 2020_04_24.
alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Win32/Cridex Checkin"; flow:to_server,established; content:"POST"; http_method; pcre:"/^\/([a-z0-9+]+?\/){3}$/Ui"; content:"Accept|3a| */*|0d 0a|Host|3a| "; depth:19; http_header; pcre:"/^Accept\x3a \*\/\*\r\nHost\x3a \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x3a8080\r\nContent-Length\x3a \d{3}\r\nConnection\x3a Keep-Alive\r\nCache-Control\x3a no-cache\r\n$/H"; content:!"Referer"; http_header; content:!"User-Agent|3a| "; http_header; reference:md5,94e496decf90c4ba2fb3e7113a081726; classtype:trojan-activity; sid:2017305; rev:3; metadata:created_at 2013_08_08, former_category MALWARE, updated_at 2020_04_24;)

Added 2020-08-05 19:09:13 UTC


# Copy of sid 2017305 (rev 3) with the metadata split across two keywords: a standalone
# "metadata: former_category MALWARE;" before the reference, and a second metadata keyword
# holding created_at and updated_at 2020_04_24. The detection options (POST, three-segment URI,
# fixed header sequence with IP-literal Host on 8080, no Referer, no User-Agent) match the
# other "alert http" copies on this page.
# NOTE(review): tooling that reads rule metadata should collect every metadata keyword in the
# rule, not only the first or last one.
alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Win32/Cridex Checkin"; flow:to_server,established; content:"POST"; http_method; pcre:"/^\/([a-z0-9+]+?\/){3}$/Ui"; content:"Accept|3a| */*|0d 0a|Host|3a| "; depth:19; http_header; pcre:"/^Accept\x3a \*\/\*\r\nHost\x3a \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x3a8080\r\nContent-Length\x3a \d{3}\r\nConnection\x3a Keep-Alive\r\nCache-Control\x3a no-cache\r\n$/H"; content:!"Referer"; http_header; content:!"User-Agent|3a| "; http_header; metadata: former_category MALWARE; reference:md5,94e496decf90c4ba2fb3e7113a081726; classtype:trojan-activity; sid:2017305; rev:3; metadata:created_at 2013_08_08, updated_at 2020_04_24;)

Added 2020-04-24 18:20:33 UTC


# Copy of sid 2017305 (rev 3) that carries two metadata keywords (former_category on its own,
# then created_at/updated_at) and still shows updated_at 2013_08_08. Detection options are the
# same as the other "alert http" copies on this page: outbound POST to port 8080, three-segment
# URI, fixed header sequence with an IP-literal Host, no Referer, no User-Agent.
alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Win32/Cridex Checkin"; flow:to_server,established; content:"POST"; http_method; pcre:"/^\/([a-z0-9+]+?\/){3}$/Ui"; content:"Accept|3a| */*|0d 0a|Host|3a| "; depth:19; http_header; pcre:"/^Accept\x3a \*\/\*\r\nHost\x3a \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x3a8080\r\nContent-Length\x3a \d{3}\r\nConnection\x3a Keep-Alive\r\nCache-Control\x3a no-cache\r\n$/H"; content:!"Referer"; http_header; content:!"User-Agent|3a| "; http_header; metadata: former_category MALWARE; reference:md5,94e496decf90c4ba2fb3e7113a081726; classtype:trojan-activity; sid:2017305; rev:3; metadata:created_at 2013_08_08, updated_at 2013_08_08;)

Added 2019-09-26 19:57:26 UTC


# Copy of sid 2017305 (rev 3) without a former_category entry; metadata holds only created_at
# and updated_at, both 2013_08_08. Detection options are the same outbound POST-to-8080
# signature as the other "alert http" copies on this page.
alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Win32/Cridex Checkin"; flow:to_server,established; content:"POST"; http_method; pcre:"/^\/([a-z0-9+]+?\/){3}$/Ui"; content:"Accept|3a| */*|0d 0a|Host|3a| "; depth:19; http_header; pcre:"/^Accept\x3a \*\/\*\r\nHost\x3a \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x3a8080\r\nContent-Length\x3a \d{3}\r\nConnection\x3a Keep-Alive\r\nCache-Control\x3a no-cache\r\n$/H"; content:!"Referer"; http_header; content:!"User-Agent|3a| "; http_header; reference:md5,94e496decf90c4ba2fb3e7113a081726; classtype:trojan-activity; sid:2017305; rev:3; metadata:created_at 2013_08_08, updated_at 2013_08_08;)

Added 2018-09-13 19:47:30 UTC


Added 2018-09-13 17:57:56 UTC


# Oldest "alert http" copy of sid 2017305 (rev 3) on this page. Compared with the "alert tcp"
# copy listed after it, the protocol keyword is http, the header pcre ends in a single \r\n
# before "$", and a metadata keyword (created_at / updated_at 2013_08_08) is present.
# rev is still 3 despite those text changes.
alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Win32/Cridex Checkin"; flow:to_server,established; content:"POST"; http_method; pcre:"/^\/([a-z0-9+]+?\/){3}$/Ui"; content:"Accept|3a| */*|0d 0a|Host|3a| "; depth:19; http_header; pcre:"/^Accept\x3a \*\/\*\r\nHost\x3a \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x3a8080\r\nContent-Length\x3a \d{3}\r\nConnection\x3a Keep-Alive\r\nCache-Control\x3a no-cache\r\n$/H"; content:!"Referer"; http_header; content:!"User-Agent|3a| "; http_header; reference:md5,94e496decf90c4ba2fb3e7113a081726; classtype:trojan-activity; sid:2017305; rev:3; metadata:created_at 2013_08_08, updated_at 2013_08_08;)

Added 2017-08-07 21:11:11 UTC


# Earliest copy of sid 2017305 (rev 3) on this page. It is written as "alert tcp" and its
# header pcre requires \r\n\r\n before "$", where the later copies use "alert http" and a
# single \r\n; it has no metadata keyword. The other options (POST, three-segment URI,
# IP-literal Host on 8080, three-digit Content-Length, no Referer, no User-Agent) are unchanged.
# NOTE(review): the differing pcre tail presumably reflects how the target engine presents
# the header buffer; confirm against the engine in use before porting this copy.
alert tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN Win32/Cridex Checkin"; flow:to_server,established; content:"POST"; http_method; pcre:"/^\/([a-z0-9+]+?\/){3}$/Ui"; content:"Accept|3a| */*|0d 0a|Host|3a| "; depth:19; http_header; pcre:"/^Accept\x3a \*\/\*\r\nHost\x3a \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x3a8080\r\nContent-Length\x3a \d{3}\r\nConnection\x3a Keep-Alive\r\nCache-Control\x3a no-cache\r\n\r\n$/H"; content:!"Referer"; http_header; content:!"User-Agent|3a| "; http_header; reference:md5,94e496decf90c4ba2fb3e7113a081726; classtype:trojan-activity; sid:2017305; rev:3;)

Added 2013-08-09 00:04:07 UTC

