#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED W32/Onkod.Downloader Executable Download"; flow:established,to_server; content:"/js/"; http_uri; content:".exe"; fast_pattern; http_uri; content:"User-Agent|3A 20|Mozilla/5.0 (Windows NT 6.1|3b| WOW64|3b| rv|3a|22.0) Gecko/20100101 Firefox/22.0|0D 0A|"; http_header; pcre:"/\x2Fjs\x2F[\r\n]*\x2Eexe$/U"; metadata: former_category MALWARE; reference:url,blog.fortinet.com/Avoiding-Heuristic-Detection/; classtype:trojan-activity; sid:2017617; rev:4; metadata:created_at 2013_10_18, updated_at 2019_10_16;)

Added 2019-10-16 18:59:36 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Onkod.Downloader Executable Download"; flow:established,to_server; content:"/js/"; http_uri; content:".exe"; fast_pattern; http_uri; content:"User-Agent|3A 20|Mozilla/5.0 (Windows NT 6.1|3b| WOW64|3b| rv|3a|22.0) Gecko/20100101 Firefox/22.0|0D 0A|"; http_header; pcre:"/\x2Fjs\x2F[\r\n]*\x2Eexe$/U"; reference:url,blog.fortinet.com/Avoiding-Heuristic-Detection/; classtype:trojan-activity; sid:2017617; rev:3; metadata:created_at 2013_10_18, updated_at 2013_10_18;)

Added 2018-09-13 19:47:54 UTC


Added 2018-09-13 17:58:08 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Onkod.Downloader Executable Download"; flow:established,to_server; content:"/js/"; http_uri; content:".exe"; fast_pattern; http_uri; content:"User-Agent|3A 20|Mozilla/5.0 (Windows NT 6.1|3b| WOW64|3b| rv|3a|22.0) Gecko/20100101 Firefox/22.0|0D 0A|"; http_header; pcre:"/\x2Fjs\x2F[\r\n]*\x2Eexe$/U"; reference:url,blog.fortinet.com/Avoiding-Heuristic-Detection/; classtype:trojan-activity; sid:2017617; rev:3; metadata:created_at 2013_10_18, updated_at 2013_10_18;)

Added 2017-08-07 21:11:33 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/Onkod.Downloader Executable Download"; flow:established,to_server; content:"/js/"; http_uri; content:".exe"; fast_pattern; http_uri; content:"User-Agent|3A 20|Mozilla/5.0 (Windows NT 6.1|3b| WOW64|3b| rv|3a|22.0) Gecko/20100101 Firefox/22.0|0D 0A|"; http_header; pcre:"/\x2Fjs\x2F[\r\n]*\x2Eexe$/U"; reference:url,blog.fortinet.com/Avoiding-Heuristic-Detection/; classtype:trojan-activity; sid:2017617; rev:2;)

Added 2013-10-18 13:08:21 UTC


Topic revision: r1 - 2019-10-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats