#alert tcp any any -> any 445 (msg:"ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 8"; flow:to_server,established; flowbits:isset,ET.kaptoxa; content:"SMB"; content:"Tl"; fast_pattern; distance:0; pcre:"/^[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])/R"; reference:url,securityintelligence.com/target-data-breach-kaptoxa-pos-malware/; classtype:trojan-activity; sid:2018066; rev:2; metadata:created_at 2014_02_03, updated_at 2014_02_03;)

Added 2020-11-20 19:36:43 UTC


alert tcp any any -> any 445 (msg:"ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 8"; flow:to_server,established; flowbits:isset,ET.kaptoxa; content:"SMB"; content:"Tl"; fast_pattern; distance:0; pcre:"/^[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])/R"; reference:url,securityintelligence.com/target-data-breach-kaptoxa-pos-malware/; classtype:trojan-activity; sid:2018066; rev:2; metadata:created_at 2014_02_03, updated_at 2014_02_03;)

Added 2018-09-13 19:48:21 UTC


Added 2018-09-13 17:58:24 UTC


alert tcp any any -> any 445 (msg:"ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 8"; flow:to_server,established; flowbits:isset,ET.kaptoxa; content:"SMB"; content:"Tl"; fast_pattern; distance:0; pcre:"/^[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])/R"; reference:url,securityintelligence.com/target-data-breach-kaptoxa-pos-malware/; classtype:trojan-activity; sid:2018066; rev:2; metadata:created_at 2014_02_03, updated_at 2014_02_03;)

Added 2017-08-07 21:12:06 UTC


alert tcp any any -> any 445 (msg:"ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 8"; flow:to_server,established; flowbits:isset,ET.kaptoxa; content:"SMB"; content:"Tl"; fast_pattern; distance:0; pcre:"/^[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])/R"; reference:url,securityintelligence.com/target-data-breach-kaptoxa-pos-malware/; classtype:trojan-activity; sid:2018066; rev:2;)

Added 2014-04-14 19:22:51 UTC


alert tcp any any -> any 445 (msg:"ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 8"; flow:to_server,established; flowbits:isset,ET.kaptoxa; content:"SMB"; content:"Tl"; fast_pattern; distance:0; pcre:"/^[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])[a-zA-Z0-9/]{2}(?:M[1fhl]|T[1fhl]|s[hl])/R"; reference:url,securityintelligence.com/target-data-breach-kaptoxa-pos-malware/; classtype:trojan-activity; sid:2018066; rev:1;)

Added 2014-02-03 18:51:01 UTC


Topic revision: r1 - 2020-11-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats