# sid 2018604 rev 6: outbound HTTP GET from $HOME_NET whose normalized URI ends in ".pack"
# (case-insensitive), sent without a Referer header and with a User-Agent line that is exactly
# "Mozilla" or "Mozilla/4.0".
# - content:".pack" is the fast pattern; the /U pcre then anchors it to the end of the URI, so a
#   URI with anything after ".pack" (for example a query string) does not match.
# - The /Hmi pcre is multiline and case-insensitive, so the User-Agent line may sit anywhere in
#   the header block.
# - Only differences from the rev:5 text listed further down this page: `fast_pattern` instead of
#   `fast_pattern:only`, plus rev and updated_at.
# Triage: the match keys on a minimal User-Agent and a file extension, not on payload. Confirm
# with the destination host, the response and the requesting process before attributing the
# request to Andromeda (sample hash is in the md5 reference).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Andromeda Downloading Module"; flow:to_server,established; content:"GET"; http_method; content:".pack"; nocase; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; pcre:"/\.pack$/Ui"; content:"Mozilla"; http_header; pcre:"/^User-Agent\x3a\x20Mozilla(?:\/4\.0)?\r?$/Hmi"; reference:md5,65125129418e07ce1000aa677b66b72f; classtype:trojan-activity; sid:2018604; rev:6; metadata:created_at 2014_06_24, updated_at 2019_10_07;)

Added 2019-10-08 19:34:12 UTC


# sid 2018604 rev 5 (with metadata keyword): outbound HTTP GET whose normalized URI ends in
# ".pack", with no Referer header and a User-Agent line of exactly "Mozilla" or "Mozilla/4.0".
# - `fast_pattern:only` marks ".pack" as the prefilter pattern; the /U pcre still enforces that
#   the URI ends with it.
# - NOTE(review): updated_at equals created_at (2014_06_24) although this is rev:5 and the page
#   first lists a rev:5 text in 2015, so updated_at here should not be used to date the revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Andromeda Downloading Module"; flow:to_server,established; content:"GET"; http_method; content:".pack"; nocase; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/\.pack$/Ui"; content:"Mozilla"; http_header; pcre:"/^User-Agent\x3a\x20Mozilla(?:\/4\.0)?\r?$/Hmi"; reference:md5,65125129418e07ce1000aa677b66b72f; classtype:trojan-activity; sid:2018604; rev:5; metadata:created_at 2014_06_24, updated_at 2014_06_24;)

Added 2018-09-13 19:48:54 UTC


Added 2018-09-13 17:58:44 UTC


# sid 2018604 rev 5 as published 2017-08-07: same options as the earlier rev:5 text on this page
# with a metadata keyword appended (created_at / updated_at). The rev number is unchanged.
# Matches an outbound HTTP GET whose normalized URI ends in ".pack" (case-insensitive), with no
# Referer header and a User-Agent line of exactly "Mozilla" or "Mozilla/4.0".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Andromeda Downloading Module"; flow:to_server,established; content:"GET"; http_method; content:".pack"; nocase; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/\.pack$/Ui"; content:"Mozilla"; http_header; pcre:"/^User-Agent\x3a\x20Mozilla(?:\/4\.0)?\r?$/Hmi"; reference:md5,65125129418e07ce1000aa677b66b72f; classtype:trojan-activity; sid:2018604; rev:5; metadata:created_at 2014_06_24, updated_at 2014_06_24;)

Added 2017-08-07 21:12:42 UTC


# sid 2018604 rev 5 as first published (no metadata keyword). Compared with the rev:4 text on
# this page it:
# - adds an explicit GET method check and a negated match on "Referer:";
# - drops the fixed Host / User-Agent / Connection header sequence and instead requires only
#   that some header line is exactly "User-Agent: Mozilla" or "User-Agent: Mozilla/4.0"
#   (multiline, case-insensitive pcre on the header buffer).
# The URI condition is unchanged: the normalized URI must end in ".pack".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Andromeda Downloading Module"; flow:to_server,established; content:"GET"; http_method; content:".pack"; nocase; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/\.pack$/Ui"; content:"Mozilla"; http_header; pcre:"/^User-Agent\x3a\x20Mozilla(?:\/4\.0)?\r?$/Hmi"; reference:md5,65125129418e07ce1000aa677b66b72f; classtype:trojan-activity; sid:2018604; rev:5;)

Added 2015-03-04 20:19:01 UTC


# sid 2018604 rev 4: earliest text on this page. Matches an outbound HTTP request whose
# normalized URI ends in ".pack" and whose header block is exactly, in this order:
#   Host: <value> / User-Agent: Mozilla/4.0 / Connection: close
# - content:"Host|3a|" with depth:5 pins "Host:" to the start of the header buffer; the /H pcre
#   has no multiline flag, so ^ and $ anchor the whole buffer and any extra or reordered header
#   prevents a match.
# - There is no http_method check in this revision, and the header pcre is case-sensitive.
# This is the strictest form of the signature on the page; later revisions relax the header
# requirements.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Andromeda Downloading Module"; flow:to_server,established; content:".pack"; nocase; http_uri; fast_pattern:only; pcre:"/\.pack$/Ui"; content:"Mozilla/4.0|0d 0a|"; http_header; content:"Host|3a|"; http_header; depth:5; pcre:"/^Host\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20Mozilla\/4\.0\r\nConnection\x3a\x20close\r\n(?:\r\n)?$/H"; reference:md5,65125129418e07ce1000aa677b66b72f; classtype:trojan-activity; sid:2018604; rev:4;)

Added 2014-06-24 18:44:39 UTC

