# sid:2018282 rev:4 -- shipped disabled (leading '#'). State-tracking stage only.
# Matches a server-to-client packet on an established TCP flow whose payload is
# exactly the 5 bytes 01 00 00 00 01 (dsize:5 plus the content match).
# Flowbits: requires ET.Netwire.HB.1 set and ET.Netwire.HB.2 not set, then clears
# HB.1 and sets HB.2. flowbits:noalert means this rule never raises an alert itself.
# NOTE(review): the rule that sets ET.Netwire.HB.1 and the rule(s) that test
# ET.Netwire.HB.2 are not shown on this page; presumably they are sibling rules in
# the same ruleset. While this stage stays disabled, nothing gated on HB.2 can
# match, so enable or disable the whole chain together.
# The 5-byte pattern is generic by itself; the flowbit preconditions are what tie
# it to the earlier stage, so keep them when tuning this rule.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Netwire RAT Client HeartBeat? S1 (no alert)"; flow:established,from_server; dsize:5; content:"|01 00 00 00 01|"; flowbits:isset,ET.Netwire.HB.1; flowbits:isnotset,ET.Netwire.HB.2; flowbits:unset,ET.Netwire.HB.1; flowbits:set,ET.Netwire.HB.2; flowbits:noalert; reference:md5,154a2366cd3e39e8625f5f737f9da8f1; reference:md5,9475f91a426ac45d1f074373034cbea6; classtype:trojan-activity; sid:2018282; rev:4; metadata:created_at 2014_03_14, former_category TROJAN, updated_at 2017_12_11;)

Added 2022-05-19 19:06:23 UTC


# sid:2018282 rev:3, disabled (leading '#'). Snapshot recorded 2020-08-05.
# Same match and flowbit logic as the rev:4 entry on this page; only the rev
# number differs. Server-to-client, 5-byte payload 01 00 00 00 01, gated on
# ET.Netwire.HB.1 set / ET.Netwire.HB.2 not set, then HB.1 cleared and HB.2 set.
# flowbits:noalert: no alert is produced by this stage.
# former_category sits inside the single metadata keyword here, unlike the older
# rev:3 snapshots below, so the rule text changed without a rev bump.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Netwire RAT Client HeartBeat? S1 (no alert)"; flow:established,from_server; dsize:5; content:"|01 00 00 00 01|"; flowbits:isset,ET.Netwire.HB.1; flowbits:isnotset,ET.Netwire.HB.2; flowbits:unset,ET.Netwire.HB.1; flowbits:set,ET.Netwire.HB.2; flowbits:noalert; reference:md5,154a2366cd3e39e8625f5f737f9da8f1; reference:md5,9475f91a426ac45d1f074373034cbea6; classtype:trojan-activity; sid:2018282; rev:3; metadata:created_at 2014_03_14, former_category TROJAN, updated_at 2017_12_11;)

Added 2020-08-05 19:09:42 UTC


# sid:2018282 rev:3, disabled (leading '#'). Snapshot recorded 2018-09-13.
# Detection options are unchanged: from_server, dsize:5, content 01 00 00 00 01,
# flowbit hand-off from ET.Netwire.HB.1 to ET.Netwire.HB.2, noalert.
# This snapshot carries two metadata keywords: "former_category TROJAN" ahead of
# the references and the created_at/updated_at pair at the end.
# NOTE(review): tooling that reads only one metadata keyword per rule could miss
# one of the two; verify how your rule parser handles repeated metadata.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Netwire RAT Client HeartBeat? S1 (no alert)"; flow:established,from_server; dsize:5; content:"|01 00 00 00 01|"; flowbits:isset,ET.Netwire.HB.1; flowbits:isnotset,ET.Netwire.HB.2; flowbits:unset,ET.Netwire.HB.1; flowbits:set,ET.Netwire.HB.2; flowbits:noalert; metadata: former_category TROJAN; reference:md5,154a2366cd3e39e8625f5f737f9da8f1; reference:md5,9475f91a426ac45d1f074373034cbea6; classtype:trojan-activity; sid:2018282; rev:3; metadata:created_at 2014_03_14, updated_at 2017_12_11;)

Added 2018-09-13 19:48:35 UTC


Added 2018-09-13 17:58:32 UTC


# sid:2018282 rev:3, disabled (leading '#'). Snapshot recorded 2017-12-11.
# Earliest snapshot on this page in which the rule is commented out and
# updated_at reads 2017_12_11; the 2017-08-07 snapshot below is still enabled.
# The rev stayed at 3 across that change, so sid:rev alone does not tell you
# whether a deployed copy is the enabled or the disabled variant. Compare the
# full rule text when auditing a ruleset.
# Logic: server-to-client 5-byte payload 01 00 00 00 01; needs ET.Netwire.HB.1
# set and ET.Netwire.HB.2 unset; clears HB.1, sets HB.2; noalert (no event).
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Netwire RAT Client HeartBeat? S1 (no alert)"; flow:established,from_server; dsize:5; content:"|01 00 00 00 01|"; flowbits:isset,ET.Netwire.HB.1; flowbits:isnotset,ET.Netwire.HB.2; flowbits:unset,ET.Netwire.HB.1; flowbits:set,ET.Netwire.HB.2; flowbits:noalert; metadata: former_category TROJAN; reference:md5,154a2366cd3e39e8625f5f737f9da8f1; reference:md5,9475f91a426ac45d1f074373034cbea6; classtype:trojan-activity; sid:2018282; rev:3; metadata:created_at 2014_03_14, updated_at 2017_12_11;)

Added 2017-12-11 16:55:43 UTC


# sid:2018282 rev:3, enabled. Snapshot recorded 2017-08-07.
# Even when enabled this rule logs nothing: flowbits:noalert suppresses the
# alert, and the only effect is the flowbit transition (HB.1 cleared, HB.2 set)
# on a flow that already has ET.Netwire.HB.1 set and ET.Netwire.HB.2 unset.
# Trigger: server-to-client packet on an established flow, payload exactly
# 01 00 00 00 01 (dsize:5).
# NOTE(review): msg says "Client HeartBeat" while the flow option matches
# from_server traffic; presumably this is the server side of the exchange.
# Confirm against the sibling stages, which are not shown on this page.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Netwire RAT Client HeartBeat? S1 (no alert)"; flow:established,from_server; dsize:5; content:"|01 00 00 00 01|"; flowbits:isset,ET.Netwire.HB.1; flowbits:isnotset,ET.Netwire.HB.2; flowbits:unset,ET.Netwire.HB.1; flowbits:set,ET.Netwire.HB.2; flowbits:noalert; reference:md5,154a2366cd3e39e8625f5f737f9da8f1; reference:md5,9475f91a426ac45d1f074373034cbea6; classtype:trojan-activity; sid:2018282; rev:3; metadata:created_at 2014_03_14, updated_at 2014_03_14;)

Added 2017-08-07 21:12:20 UTC


# sid:2018282 rev:3, enabled. Oldest snapshot on this page (recorded 2014-04-09);
# it has no metadata keyword.
# Intermediate stage of a flowbit chain: on a server-to-client packet with the
# exact 5-byte payload 01 00 00 00 01, and only if ET.Netwire.HB.1 is set and
# ET.Netwire.HB.2 is not, it clears HB.1 and sets HB.2. noalert: no event.
# The two reference:md5 values identify the samples the rule was written
# against; they are references only and take no part in matching.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Netwire RAT Client HeartBeat? S1 (no alert)"; flow:established,from_server; dsize:5; content:"|01 00 00 00 01|"; flowbits:isset,ET.Netwire.HB.1; flowbits:isnotset,ET.Netwire.HB.2; flowbits:unset,ET.Netwire.HB.1; flowbits:set,ET.Netwire.HB.2; flowbits:noalert; reference:md5,154a2366cd3e39e8625f5f737f9da8f1; reference:md5,9475f91a426ac45d1f074373034cbea6; classtype:trojan-activity; sid:2018282; rev:3;)

Added 2014-04-09 13:45:20 UTC

