# sid 2018143, rev 7: alerts on a client-to-server HTTP request on an established flow from $HOME_NET to $EXTERNAL_NET.
# URI: must contain "/soft/xiaomi" (the fast_pattern) with ".asp" at or after the end of that match (distance:0).
# User-Agent: depth:22 equals the length of "API-Guide test program", so the string must sit at the very start
# of the http_user_agent buffer.
# http_header_names is a sticky buffer, so both negated contents test header names: the request must have no
# Referer and no Accept header.
# NOTE(review): the negated patterns have no leading |0d 0a|, so any header name that merely ends in "Referer"
# or "Accept" would presumably also suppress the alert; confirm against the engine's buffer layout.
# NOTE(review): the VirusTotal reference has a space before "analysis/"; likely a page-rendering artifact, so
# confirm against the published rule before reusing this text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Popwin Checkin"; flow:to_server,established; content:"/soft/xiaomi"; fast_pattern; http_uri; content:".asp"; http_uri; distance:0; content:"API-Guide test program"; depth:22; http_user_agent; http_header_names; content:!"Referer|0d 0a|"; content:!"Accept|0d 0a|"; metadata: former_category MALWARE; reference:url,www.virustotal.com/en/file/79dfb0ea0d788dd388a1d1856402f04ddcdc42b7134ffc80747b339937216cbb analysis/; reference:md5,dd762c69049fbd00c22f70f109baa26e; classtype:trojan-activity; sid:2018143; rev:7; metadata:created_at 2014_02_14, updated_at 2020_02_10;)

Added 2020-02-10 18:52:31 UTC


# sid 2018143, rev 7 (same rule text as the other rev:7 entry on this page; only the "Added" timestamp differs).
# Detection logic: the URI contains "/soft/xiaomi" then ".asp", the User-Agent begins with
# "API-Guide test program" (depth:22 is exactly the string length), and the header-names buffer
# contains neither "Referer" nor "Accept" followed by CRLF.
# Compared with the rev:5 entries on this page, ".asp" is now pinned to http_uri and the negated checks
# read http_header_names instead of carrying no buffer modifier.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Popwin Checkin"; flow:to_server,established; content:"/soft/xiaomi"; fast_pattern; http_uri; content:".asp"; http_uri; distance:0; content:"API-Guide test program"; depth:22; http_user_agent; http_header_names; content:!"Referer|0d 0a|"; content:!"Accept|0d 0a|"; metadata: former_category MALWARE; reference:url,www.virustotal.com/en/file/79dfb0ea0d788dd388a1d1856402f04ddcdc42b7134ffc80747b339937216cbb analysis/; reference:md5,dd762c69049fbd00c22f70f109baa26e; classtype:trojan-activity; sid:2018143; rev:7; metadata:created_at 2014_02_14, updated_at 2020_02_10;)

Added 2020-02-10 18:51:26 UTC


# sid 2018143, rev 5, as recorded with updated_at 2019_10_07 and former_category MALWARE.
# "/soft/xiaomi" is matched in http_uri and marked fast_pattern:only; the User-Agent must begin with
# "API-Guide test program" (depth:22 equals the string length).
# ".asp", "Referer:" (|3a|) and "Accept: " (|3a 20|) carry no buffer modifier, so they are evaluated
# against the raw payload rather than a normalized HTTP buffer.
# NOTE(review): because the negated contents are unanchored and not limited to the headers, the same
# bytes anywhere in the inspected payload would presumably suppress the alert; verify with a test pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Popwin Checkin"; flow:to_server,established; content:"/soft/xiaomi"; fast_pattern:only; http_uri; content:".asp"; content:"API-Guide test program"; depth:22; http_user_agent; content:!"Referer|3a|"; content:!"Accept|3a 20|"; metadata: former_category MALWARE; reference:url,www.virustotal.com/en/file/79dfb0ea0d788dd388a1d1856402f04ddcdc42b7134ffc80747b339937216cbb analysis/; reference:md5,dd762c69049fbd00c22f70f109baa26e; classtype:trojan-activity; sid:2018143; rev:5; metadata:created_at 2014_02_14, updated_at 2019_10_07;)

Added 2019-10-07 19:58:42 UTC


# sid 2018143, rev 5 with "metadata: former_category MALWARE" present while updated_at is still 2014_02_14.
# The match options are the same as in the other rev:5 entries on this page: "/soft/xiaomi" in the URI
# (fast_pattern:only), ".asp" with no buffer modifier, a User-Agent starting with "API-Guide test program",
# and no "Referer:" or "Accept: " in the payload.
# None of the contents use nocase, so every match and every negation is case-sensitive.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Popwin Checkin"; flow:to_server,established; content:"/soft/xiaomi"; fast_pattern:only; http_uri; content:".asp"; content:"API-Guide test program"; depth:22; http_user_agent; content:!"Referer|3a|"; content:!"Accept|3a 20|"; metadata: former_category MALWARE; reference:url,www.virustotal.com/en/file/79dfb0ea0d788dd388a1d1856402f04ddcdc42b7134ffc80747b339937216cbb analysis/; reference:md5,dd762c69049fbd00c22f70f109baa26e; classtype:trojan-activity; sid:2018143; rev:5; metadata:created_at 2014_02_14, updated_at 2014_02_14;)

Added 2019-09-26 19:57:34 UTC


# sid 2018143, rev 5 without the former_category metadata; only created_at/updated_at (both 2014_02_14) are set.
# It alerts on an outbound request whose URI contains "/soft/xiaomi", whose payload contains ".asp", whose
# User-Agent starts with "API-Guide test program" (depth:22), and whose payload has no "Referer:" or "Accept: ".
# Two references tie the rule to a sample: a VirusTotal URL and md5 dd762c69049fbd00c22f70f109baa26e.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Popwin Checkin"; flow:to_server,established; content:"/soft/xiaomi"; fast_pattern:only; http_uri; content:".asp"; content:"API-Guide test program"; depth:22; http_user_agent; content:!"Referer|3a|"; content:!"Accept|3a 20|"; reference:url,www.virustotal.com/en/file/79dfb0ea0d788dd388a1d1856402f04ddcdc42b7134ffc80747b339937216cbb analysis/; reference:md5,dd762c69049fbd00c22f70f109baa26e; classtype:trojan-activity; sid:2018143; rev:5; metadata:created_at 2014_02_14, updated_at 2014_02_14;)

Added 2018-09-13 19:48:26 UTC


Added 2018-09-13 17:58:27 UTC


# sid 2018143, rev 5 (rule text identical to the rev:5 entry that has created_at/updated_at but no former_category).
# flow:to_server,established limits inspection to client requests on established connections.
# The alert requires the "/soft/xiaomi" URI fragment, ".asp", and the "API-Guide test program" User-Agent
# prefix together, and is suppressed when "Referer:" or "Accept: " is present.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Popwin Checkin"; flow:to_server,established; content:"/soft/xiaomi"; fast_pattern:only; http_uri; content:".asp"; content:"API-Guide test program"; depth:22; http_user_agent; content:!"Referer|3a|"; content:!"Accept|3a 20|"; reference:url,www.virustotal.com/en/file/79dfb0ea0d788dd388a1d1856402f04ddcdc42b7134ffc80747b339937216cbb analysis/; reference:md5,dd762c69049fbd00c22f70f109baa26e; classtype:trojan-activity; sid:2018143; rev:5; metadata:created_at 2014_02_14, updated_at 2014_02_14;)

Added 2017-08-07 21:12:11 UTC


# sid 2018143, rev 5 in its earliest form on this page: there is no metadata keyword at all.
# Unlike rev 1 (alert tcp, destination port 88, full path "/soft/xiaomi/m2/getid0121.asp"), this revision
# uses the http protocol keyword with any destination port and matches only "/soft/xiaomi" plus ".asp".
# The User-Agent check is anchored by depth:22, and the two negated contents require that "Referer:" and
# "Accept: " are absent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Popwin Checkin"; flow:to_server,established; content:"/soft/xiaomi"; fast_pattern:only; http_uri; content:".asp"; content:"API-Guide test program"; depth:22; http_user_agent; content:!"Referer|3a|"; content:!"Accept|3a 20|"; reference:url,www.virustotal.com/en/file/79dfb0ea0d788dd388a1d1856402f04ddcdc42b7134ffc80747b339937216cbb analysis/; reference:md5,dd762c69049fbd00c22f70f109baa26e; classtype:trojan-activity; sid:2018143; rev:5;)

Added 2014-09-02 19:50:43 UTC


# sid 2018143, rev 1: the original signature, under the msg "ET TROJAN GameThief.Win32.WOW!O Checkin".
# It is a raw TCP rule limited to destination port 88, with no HTTP buffers.
# offset:4 with depth:29 (the length of the path string) pins "/soft/xiaomi/m2/getid0121.asp" to bytes 4-32
# of the payload, which is consistent with a 4-byte method token such as "GET " preceding it.
# The full "User-Agent: API-Guide test program" header line, CRLF included, must follow the path (distance:0).
# The payload must not contain "Accept: " or "Referer: ".
# NOTE(review): the fixed port and exact file name make this revision narrow; the later revisions on this
# page drop both constraints.
alert tcp $HOME_NET any -> $EXTERNAL_NET 88 (msg:"ET TROJAN GameThief.Win32.WOW!O Checkin"; flow:to_server,established; content:"/soft/xiaomi/m2/getid0121.asp"; offset:4; depth:29; content:"User-Agent|3a 20|API-Guide test program|0d 0a|"; distance:0; content:!"Accept|3a 20|"; content:!"Referer|3a 20|"; reference:url,www.virustotal.com/en/file/79dfb0ea0d788dd388a1d1856402f04ddcdc42b7134ffc80747b339937216cbb analysis/; reference:md5,dd762c69049fbd00c22f70f109baa26e; classtype:trojan-activity; sid:2018143; rev:1;)

Added 2014-02-14 18:07:40 UTC

