# sid 2018110, rev 6: alerts on an established, client-to-server HTTP request from $HOME_NET
# whose URI contains "/load", "p=" and "&t=" and whose User-Agent value is exactly "IE".
# The exact User-Agent match comes from depth:2 plus isdataat:!1,relative on the
# http_user_agent buffer: "IE" must start the buffer and no byte may follow it.
# The pcre (/U, normalized URI) requires single-digit p and t values, with t either
# ending the URI or followed by "&".
# NOTE(review): fast_pattern is set on the two-byte string "IE", which is a weak prefilter;
# confirm the rule's cost with rule profiling before enabling it on busy sensors.
# Triage: the rule carries one sample md5 and a vendor write-up as references; correlate an
# alert with proxy/DNS logs for the destination and with endpoint telemetry on the source host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Blackbeard Downloader"; flow:established,to_server; content:"/load"; http_uri; content:"p="; http_uri; content:"&t="; http_uri; content:"IE"; http_user_agent; depth:2; isdataat:!1,relative; fast_pattern; pcre:"/[\?&]p=\d&t=\d(&|$)/U"; reference:md5,2f6f13eced7fce495168059530246d77; reference:url,blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/; classtype:trojan-activity; sid:2018110; rev:6; metadata:created_at 2014_01_23, updated_at 2019_10_11;)

Added 2019-10-11 19:56:37 UTC


# sid 2018110, rev 5: alerts on an established, client-to-server HTTP request from $HOME_NET
# whose URI contains "/load", "p=" and "&t=" and whose headers contain the complete line
# "User-Agent: IE" followed by CRLF (the |0d 0a| terminator excludes longer User-Agent values).
# The header line is the fast_pattern. The pcre (/U, normalized URI) requires single-digit
# p and t values, with t either ending the URI or followed by "&".
# The rule uses the http protocol keyword with "any" ports, so it is not tied to $HTTP_PORTS.
# NOTE(review): the header match is literal (one space after the colon, this exact header
# name casing); verify how your engine normalizes the http_header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Blackbeard Downloader"; flow:established,to_server; content:"/load"; http_uri; content:"p="; http_uri; content:"&t="; http_uri; content:"User-Agent|3a| IE|0d 0a|"; http_header; fast_pattern; pcre:"/[\?&]p=\d&t=\d(&|$)/U"; reference:md5,2f6f13eced7fce495168059530246d77; reference:url,blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/; classtype:trojan-activity; sid:2018110; rev:5; metadata:created_at 2014_01_23, updated_at 2014_01_23;)

Added 2018-09-13 19:48:24 UTC


Added 2018-09-13 17:58:25 UTC


# sid 2018110, rev 5 (same rule text as the other rev 5 entry on this page): alerts on an
# established, client-to-server HTTP request from $HOME_NET whose URI contains "/load", "p="
# and "&t=" and whose headers contain the complete line "User-Agent: IE" followed by CRLF.
# The header line is the fast_pattern; the pcre (/U, normalized URI) requires single-digit
# p and t values, with t either ending the URI or followed by "&".
# NOTE(review): the header match is literal (one space after the colon, this exact header
# name casing); verify how your engine normalizes the http_header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Blackbeard Downloader"; flow:established,to_server; content:"/load"; http_uri; content:"p="; http_uri; content:"&t="; http_uri; content:"User-Agent|3a| IE|0d 0a|"; http_header; fast_pattern; pcre:"/[\?&]p=\d&t=\d(&|$)/U"; reference:md5,2f6f13eced7fce495168059530246d77; reference:url,blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/; classtype:trojan-activity; sid:2018110; rev:5; metadata:created_at 2014_01_23, updated_at 2014_01_23;)

Added 2017-08-07 21:12:09 UTC


# sid 2018110, rev 4: same content logic as rev 5 (URI contains "/load", "p=" and "&t=";
# header line "User-Agent: IE" + CRLF as fast_pattern; pcre requiring single-digit p and t),
# but written as a tcp rule restricted to destination ports in $HTTP_PORTS.
# Coverage caveat: requests to ports outside $HTTP_PORTS are not evaluated by this revision,
# so the variable must reflect the ports your egress actually allows.
# This revision carries no metadata keyword.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Blackbeard Downloader"; flow:established,to_server; content:"/load"; http_uri; content:"p="; http_uri; content:"&t="; http_uri; content:"User-Agent|3a| IE|0d 0a|"; http_header; fast_pattern; pcre:"/[\?&]p=\d&t=\d(&|$)/U"; reference:md5,2f6f13eced7fce495168059530246d77; reference:url,blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/; classtype:trojan-activity; sid:2018110; rev:4;)

Added 2014-02-19 17:59:20 UTC


# sid 2018110, rev 2: the earliest revision listed here, and the most specific URI shape.
# It requires a GET request to a destination port in $HTTP_PORTS, a URI longer than 26 bytes
# containing "load.php?id=", then "&p=", "&t=" and "&e=" each position-constrained relative to
# the previous match with distance/within, and a header containing "User-Agent: IE".
# The User-Agent content has no CRLF terminator, so any User-Agent value that begins with "IE"
# satisfies it; later revisions tighten this to an exact match.
# There is no pcre and no explicit fast_pattern in this revision.
# NOTE(review): confirm the exact parameter-value lengths the distance/within pairs permit on
# your engine before relying on this revision for historical hunting.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Blackbeard Downloader"; flow:established,to_server; urilen:>26; content:"GET"; http_method; content:"load.php?id="; http_uri; content:"&p="; distance:2; within:3; http_uri; content:"&t="; distance:1; within:3; http_uri; content:"&e="; distance:1; within:3; http_uri; content:"User-Agent|3a| IE"; http_header; reference:md5,2f6f13eced7fce495168059530246d77; reference:url,blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/; classtype:trojan-activity; sid:2018110; rev:2;)

Added 2014-02-12 19:23:22 UTC

