#alert http any any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/k.php?h="; http_uri; depth:9; content:"ballsack"; depth:8; http_user_agent; content:!"Referer|3a 20|"; http_header; content:!"Accept|3a 20|"; http_header; reference:url,isc.sans.edu/forums/diary/More+Device+Malware+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+and+now+with+Bitcoin+Miner/17879; classtype:trojan-activity; sid:2018344; rev:4; metadata:created_at 2014_04_02, former_category CURRENT_EVENTS, updated_at 2014_04_02;)

Added 2022-05-19 19:06:24 UTC


#alert http any any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/k.php?h="; http_uri; depth:9; content:"ballsack"; depth:8; http_user_agent; content:!"Referer|3a 20|"; http_header; content:!"Accept|3a 20|"; http_header; reference:url,isc.sans.edu/forums/diary/More+Device+Malware+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+and+now+with+Bitcoin+Miner/17879; classtype:trojan-activity; sid:2018344; rev:3; metadata:created_at 2014_04_02, former_category CURRENT_EVENTS, updated_at 2014_04_02;)

Added 2021-09-21 19:59:19 UTC


#alert http any any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/k.php?h="; http_uri; depth:9; content:"ballsack"; depth:8; http_user_agent; content:!"Referer|3a 20|"; http_header; content:!"Accept|3a 20|"; http_header; reference:url,isc.sans.edu/forums/diary/More+Device+Malware+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+and+now+with+Bitcoin+Miner/17879; classtype:trojan-activity; sid:2018344; rev:3; metadata:created_at 2014_04_01, former_category CURRENT_EVENTS, updated_at 2014_04_01;)

Added 2020-08-05 19:09:45 UTC


#alert http any any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/k.php?h="; http_uri; depth:9; content:"ballsack"; depth:8; http_user_agent; content:!"Referer|3a 20|"; http_header; content:!"Accept|3a 20|"; http_header; metadata: former_category CURRENT_EVENTS; reference:url,isc.sans.edu/forums/diary/More+Device+Malware+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+and+now+with+Bitcoin+Miner/17879; classtype:trojan-activity; sid:2018344; rev:3; metadata:created_at 2014_04_01, updated_at 2014_04_01;)

Added 2019-08-15 20:33:20 UTC


alert http any any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/k.php?h="; http_uri; depth:9; content:"ballsack"; depth:8; http_user_agent; content:!"Referer|3a 20|"; http_header; content:!"Accept|3a 20|"; http_header; reference:url,isc.sans.edu/forums/diary/More+Device+Malware+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+and+now+with+Bitcoin+Miner/17879; classtype:trojan-activity; sid:2018344; rev:3; metadata:created_at 2014_04_01, updated_at 2014_04_01;)

Added 2018-09-13 19:48:39 UTC


Added 2018-09-13 17:58:35 UTC


alert http any any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/k.php?h="; http_uri; depth:9; content:"ballsack"; depth:8; http_user_agent; content:!"Referer|3a 20|"; http_header; content:!"Accept|3a 20|"; http_header; reference:url,isc.sans.edu/forums/diary/More+Device+Malware+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+and+now+with+Bitcoin+Miner/17879; classtype:trojan-activity; sid:2018344; rev:3; metadata:created_at 2014_04_01, updated_at 2014_04_01;)

Added 2017-08-07 21:12:25 UTC


alert tcp any any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/k.php?h="; http_uri; depth:9; content:"User-Agent|3a 20|ballsack"; http_header; content:!"Referer|3a 20|"; http_header; content:!"Accept|3a 20|"; http_header; reference:url,isc.sans.edu/forums/diary/More+Device+Malware+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+and+now+with+Bitcoin+Miner/17879; classtype:trojan-activity; sid:2018344; rev:1;)

Added 2014-04-01 19:37:34 UTC


Topic revision: r1 - 2022-05-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats