#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Cert webhostingpad.com"; flow:established,from_server; content:"|16|"; content:"|0b|"; within:8; content:"|10 00 89 36 39 2c a7 4f ef 26 13 4f 11 2e d4 22 64|"; fast_pattern:only; content:"|55 04 03|"; content:"|13|*.webhostingpad.com"; distance:1; within:20; reference:md5,be7a7252865b3407498170f142efe471; classtype:trojan-activity; sid:2018594; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2014_06_23, deployment Perimeter, former_category CURRENT_EVENTS, malware_family Upatre, signature_severity Critical, tag SSL_Malicious_Cert, tag Exploit_Kit, tag Downloader, tag Upatre, updated_at 2016_07_01;)

Added 2020-11-20 19:36:45 UTC


#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Cert webhostingpad.com"; flow:established,from_server; content:"|16|"; content:"|0b|"; within:8; content:"|10 00 89 36 39 2c a7 4f ef 26 13 4f 11 2e d4 22 64|"; fast_pattern:only; content:"|55 04 03|"; content:"|13|*.webhostingpad.com"; distance:1; within:20; reference:md5,be7a7252865b3407498170f142efe471; classtype:trojan-activity; sid:2018594; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2014_06_23, deployment Perimeter, malware_family Upatre, signature_severity Critical, tag SSL_Malicious_Cert, tag Exploit_Kit, tag Downloader, tag Upatre, updated_at 2016_07_01;)

Added 2020-08-05 19:09:53 UTC


#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Cert webhostingpad.com"; flow:established,from_server; content:"|16|"; content:"|0b|"; within:8; content:"|10 00 89 36 39 2c a7 4f ef 26 13 4f 11 2e d4 22 64|"; fast_pattern:only; content:"|55 04 03|"; content:"|13|*.webhostingpad.com"; distance:1; within:20; reference:md5,be7a7252865b3407498170f142efe471; classtype:trojan-activity; sid:2018594; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag SSL_Malicious_Cert, tag Exploit_Kit, tag Downloader, tag Upatre, signature_severity Critical, created_at 2014_06_23, malware_family Upatre, updated_at 2016_07_01;)

Added 2017-08-07 21:12:41 UTC


#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Cert webhostingpad.com"; flow:established,from_server; content:"|16|"; content:"|0b|"; within:8; content:"|10 00 89 36 39 2c a7 4f ef 26 13 4f 11 2e d4 22 64|"; fast_pattern:only; content:"|55 04 03|"; content:"|13|*.webhostingpad.com"; distance:1; within:20; reference:md5,be7a7252865b3407498170f142efe471; classtype:trojan-activity; sid:2018594; rev:2;)

Added 2014-09-12 16:28:33 UTC


alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre SSL Cert webhostingpad.com"; flow:established,from_server; content:"|16|"; content:"|0b|"; within:8; content:"|10 00 89 36 39 2c a7 4f ef 26 13 4f 11 2e d4 22 64|"; fast_pattern:only; content:"|55 04 03|"; content:"|13|*.webhostingpad.com"; distance:1; within:20; reference:md5,be7a7252865b3407498170f142efe471; classtype:trojan-activity; sid:2018594; rev:1;)

Added 2014-06-23 19:18:50 UTC


Topic revision: r1 - 2020-11-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats