EmergingThreats> Main Web>2018403 (2022-05-20, TWikiGuest) EditAttach

#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; classtype:trojan-activity; sid:2018403; rev:14; metadata:created_at 2014_04_22, former_category MALWARE, updated_at 2022_05_20;)

Added 2022-05-20 17:37:23 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; classtype:trojan-activity; sid:2018403; rev:13; metadata:created_at 2014_04_22, former_category TROJAN, updated_at 2020_10_27;)

Added 2021-09-21 19:59:20 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; classtype:trojan-activity; sid:2018403; rev:13; metadata:created_at 2014_04_21, former_category TROJAN, updated_at 2020_10_27;)

Added 2020-10-27 18:18:33 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; classtype:trojan-activity; sid:2018403; rev:13; metadata:created_at 2014_04_21, former_category TROJAN, updated_at 2019_12_31;)

Added 2020-08-05 19:09:47 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; content:!"gladmainnew.morningstar.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:13; metadata:created_at 2014_04_21, updated_at 2019_12_31;)

Added 2019-12-31 19:14:18 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:12; metadata:created_at 2014_04_21, updated_at 2019_09_28;)

Added 2019-10-01 08:28:08 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:12; metadata:created_at 2014_04_21, updated_at 2019_09_28;)

Added 2019-10-01 04:22:32 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_header; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:12; metadata:created_at 2014_04_21, updated_at 2019_08_13;)

Added 2019-08-13 19:54:22 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_host; content:!"cfbeta.razersynapse.com"; http_host; content:!"download.windowsupdate.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:11; metadata:created_at 2014_04_21, updated_at 2018_10_09;)

Added 2018-10-09 18:08:44 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:established,to_server; content:".exe"; http_uri; fast_pattern; isdataat:!1,relative; content:"|20|MSIE|20|"; http_user_agent; content:!"microsoft.com"; http_host; content:!"adobe.com"; http_host; content:!"360safe.com"; http_host; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; http_host; content:!"cfbeta.razersynapse.com"; http_host; http_header_names; content:!"Accept-Encoding"; content:!"Referer"; http_connection; content:"close"; nocase; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:10; metadata:created_at 2014_04_21, updated_at 2017_03_16;)

Added 2018-09-13 19:48:42 UTC

Added 2018-09-13 17:58:37 UTC

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:9; metadata:created_at 2014_04_21, updated_at 2017_03_16;)

Added 2017-08-07 21:12:28 UTC

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-05-05 16:58:53 UTC

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; metadata: former_category TROJAN; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-05-03 17:35:13 UTC

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-03-20 19:16:55 UTC

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; content:!"cfbeta.razersynapse.com"; http_header; classtype:trojan-activity; sid:2018403; rev:9;)

Added 2017-03-16 22:26:32 UTC

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; content:!"softdl.360tpcdn.com"; classtype:trojan-activity; sid:2018403; rev:8;)

Added 2015-05-28 18:19:54 UTC

alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!"microsoft.com|0d 0a|"; http_header; content:!"adobe.com|0d 0a|"; http_header; content:!"360safe.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; classtype:trojan-activity; sid:2018403; rev:7;)

Added 2014-10-03 16:40:41 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!".dlservice.microsoft.com|0d 0a|"; http_header; content:!"download_helper.ns"; http_uri; classtype:trojan-activity; sid:2018403; rev:4;)

Added 2014-05-30 18:34:06 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; content:!".dlservice.microsoft.com|0d 0a|"; http_header; classtype:trojan-activity; sid:2018403; rev:3;)

Added 2014-05-01 18:28:41 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GENERIC Zbot Based Loader"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; pcre:"/\.exe$/U"; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; http_header; content:" MSIE "; http_header; content:!"|0d 0a|Accept-Encoding|3a|"; http_header; content:!"|0d 0a|Referer|3a|"; http_header; classtype:trojan-activity; sid:2018403; rev:2;)

Added 2014-04-21 19:36:52 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2022-05-20 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats