# Latest entry for sid 2017998: still disabled (leading "#") and labelled "ET DELETED",
# so an engine loading this line as-is will not evaluate it.
# The metadata adds former_category EXPLOIT_KIT and moves updated_at to 2021_06_23.
# NOTE(review): rev stays at 8 although the metadata changed, so sid:rev alone does not
# distinguish this entry from the earlier rev 8 lines on this page; compare the full
# rule text when auditing which version a sensor carries.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Possible IE/SilverLight GoonEK? Payload Download"; flow:to_server,established; content:".mp3?rnd="; fast_pattern:only; http_uri; pcre:"/\/\d+\.mp3\x3frnd\x3d\d+$/U"; classtype:trojan-activity; sid:2017998; rev:8; metadata:created_at 2014_01_22, former_category EXPLOIT_KIT, updated_at 2021_06_23;)

Added 2021-06-23 19:31:51 UTC


# Disabled rev 8 entry with metadata created_at 2014_01_22, updated_at 2017_01_11.
# The rule text is identical to the other rev 8 entry on this page that carries the
# same metadata; only the page's "Added" timestamps differ between the two.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Possible IE/SilverLight GoonEK? Payload Download"; flow:to_server,established; content:".mp3?rnd="; fast_pattern:only; http_uri; pcre:"/\/\d+\.mp3\x3frnd\x3d\d+$/U"; classtype:trojan-activity; sid:2017998; rev:8; metadata:created_at 2014_01_22, updated_at 2017_01_11;)

Added 2018-09-13 19:48:17 UTC


Added 2018-09-13 17:58:21 UTC


# Disabled rev 8 entry, the first on this page to carry a metadata option:
# created_at 2014_01_22, updated_at 2017_01_11.
# created_at agrees with the earliest "Added" timestamp on this page (2014-01-22).
# Header and match options are the same as in the rev 8 entry without metadata.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Possible IE/SilverLight GoonEK? Payload Download"; flow:to_server,established; content:".mp3?rnd="; fast_pattern:only; http_uri; pcre:"/\/\d+\.mp3\x3frnd\x3d\d+$/U"; classtype:trojan-activity; sid:2017998; rev:8; metadata:created_at 2014_01_22, updated_at 2017_01_11;)

Added 2017-08-07 21:12:00 UTC


# Rev 8: the rule is commented out and its msg category is now "ET DELETED"
# (rev 7 on this page was active under "ET CURRENT_EVENTS").
# The header changed from "tcp ... $EXTERNAL_NET $HTTP_PORTS" to "http ... $EXTERNAL_NET any";
# flow, content, pcre and classtype are unchanged from rev 7.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Possible IE/SilverLight GoonEK? Payload Download"; flow:to_server,established; content:".mp3?rnd="; fast_pattern:only; http_uri; pcre:"/\/\d+\.mp3\x3frnd\x3d\d+$/U"; classtype:trojan-activity; sid:2017998; rev:8;)

Added 2017-01-11 17:05:48 UTC


# Rev 7: fires on an established client-to-server request from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS whose URI contains ".mp3?rnd=" (the fast-pattern
# content) and whose normalized URI ends in "/<digits>.mp3?rnd=<digits>"
# (in the pcre, \x3f is "?" and \x3d is "=").
# Unlike rev 1 on this page, there is no http_header content, so the match rests on
# the URI shape alone.
# NOTE(review): no nocase and no /i flag, so a URI using ".MP3" or "?RND=" would not
# match; traffic on ports outside $HTTP_PORTS is not inspected by this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible IE/SilverLight GoonEK? Payload Download"; flow:to_server,established; content:".mp3?rnd="; fast_pattern:only; http_uri; pcre:"/\/\d+\.mp3\x3frnd\x3d\d+$/U"; classtype:trojan-activity; sid:2017998; rev:7;)

Added 2014-03-20 16:29:29 UTC


# Rev 1: fires on an established client-to-server request from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS when all three conditions hold:
#   - the URI contains ".mp3" (the fast-pattern content),
#   - the HTTP headers contain "WinHttp.WinHttpRequest.5",
#   - the normalized URI ends in "/<three or more digits>.mp3".
# NOTE(review): matching is case-sensitive (no nocase, no /i), and the header string
# is matched anywhere in the header buffer rather than in one named header.
# The msg itself hedges ("Possible", "?"), so treat an alert as a lead to correlate
# with other telemetry, not as a confirmed payload download.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible IE/SilverLight GoonEK? Payload Download"; flow:to_server,established; content:".mp3"; fast_pattern:only; http_uri; content:"WinHttp.WinHttpRequest.5"; http_header; pcre:"/\/\d{3,}\.mp3$/U"; classtype:trojan-activity; sid:2017998; rev:1;)

Added 2014-01-22 16:51:19 UTC

