#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Compromised site dfsdirect.ca"; flow:established,to_client; content:"|55 04 03|"; content:"|0c|dfsdirect.ca"; distance:1; within:14; nocase; reference:md5,fe56b5a28eac390aa8cfb1402360958b; classtype:trojan-activity; sid:2018480; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2014_05_16, former_category CURRENT_EVENTS, malware_family Upatre, signature_severity Critical, tag Exploit_Kit, tag Downloader, tag Upatre, updated_at 2016_07_01;)

Added 2020-11-20 19:36:45 UTC


#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Compromised site dfsdirect.ca"; flow:established,to_client; content:"|55 04 03|"; content:"|0c|dfsdirect.ca"; distance:1; within:14; nocase; reference:md5,fe56b5a28eac390aa8cfb1402360958b; classtype:trojan-activity; sid:2018480; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2014_05_16, malware_family Upatre, signature_severity Critical, tag Exploit_Kit, tag Downloader, tag Upatre, updated_at 2016_07_01;)

Added 2020-08-05 19:09:49 UTC


#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Compromised site dfsdirect.ca"; flow:established,to_client; content:"|55 04 03|"; content:"|0c|dfsdirect.ca"; distance:1; within:14; nocase; reference:md5,fe56b5a28eac390aa8cfb1402360958b; classtype:trojan-activity; sid:2018480; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, tag Exploit_Kit, tag Downloader, tag Upatre, signature_severity Critical, created_at 2014_05_16, malware_family Upatre, updated_at 2016_07_01;)

Added 2017-08-07 21:12:33 UTC


#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Compromised site dfsdirect.ca"; flow:established,to_client; content:"|55 04 03|"; content:"|0c|dfsdirect.ca"; distance:1; within:14; nocase; reference:md5,fe56b5a28eac390aa8cfb1402360958b; classtype:trojan-activity; sid:2018480; rev:1;)

Added 2017-04-19 17:17:23 UTC


alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Compromised site dfsdirect.ca"; flow:established,to_client; content:"|55 04 03|"; content:"|0c|dfsdirect.ca"; distance:1; within:14; nocase; reference:md5,fe56b5a28eac390aa8cfb1402360958b; classtype:trojan-activity; sid:2018480; rev:1;)

Added 2014-05-16 18:09:43 UTC


Topic revision: r1 - 2020-11-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats