# Current revision (rev:7, enabled) of sid 2018617.
# Flags an outbound HTTP GET from $HOME_NET whose URI begins with
# "/Installer/Flow?pubid=". depth:22 equals the length of that string, so the
# match is anchored at the start of the URI buffer.
# The remaining parameters (&distid= through &version=) are chained with
# distance:0, so all of them must appear in exactly this order. Only the first
# content carries nocase; the others are case-sensitive.
# The http_header content pins one hard-coded browser string (presumably the
# tail of the User-Agent) followed directly by CRLF and "Host:", so the match
# also depends on header order. NOTE(review): a request with a different
# browser string or header order would not alert.
# Triage: msg and classtype say MALWARE / trojan-activity, but former_category
# is ADWARE_PUP and the Sophos reference sits under adware-and-puas. Treat a hit
# as a PUA installer check-in from the source host unless other evidence says
# otherwise. The md5 is a sample reference; no option here matches file content.
# updated_at is still 2016_06_22 although rev moved from 6 to 7, so do not rely
# on it to tell when this signature last changed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:7; metadata:created_at 2014_01_13, former_category ADWARE_PUP, updated_at 2016_06_22;)

Added 2021-08-31 18:37:32 UTC


# Historical rev:6 snapshot, disabled: the leading '#' comments the rule out,
# so an engine loading this text would not evaluate it.
# Apart from the '#' and the rev number, the text equals the enabled rev:7
# entry on this page: same ordered, mostly case-sensitive URI parameter chain
# and the same hard-coded browser string + CRLF + "Host:" header match.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:6; metadata:created_at 2014_01_13, former_category ADWARE_PUP, updated_at 2016_06_22;)

Added 2020-08-05 19:09:54 UTC


# Historical rev:6 snapshot, disabled (commented out with '#').
# This text carries two metadata keywords: a separate
# "metadata: former_category ADWARE_PUP;" ahead of the references, and
# created_at/updated_at at the end. The match options (flow, http_method,
# http_uri chain, http_header) are the same as in the other rev:6 snapshots on
# this page; only the bookkeeping differs.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; metadata: former_category ADWARE_PUP; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:6; metadata:created_at 2014_01_13, updated_at 2016_06_22;)

Added 2019-09-26 19:57:39 UTC


# Historical rev:6 snapshot, disabled (commented out with '#').
# Here former_category is recorded as MALWARE; the snapshot listed above this
# one on the page records ADWARE_PUP instead, with the same rev number. The
# category label changed without a rev bump, so rev alone does not identify
# which metadata a deployed copy carries. Match options are unchanged.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; metadata: former_category MALWARE; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:6; metadata:created_at 2014_01_13, updated_at 2016_06_22;)

Added 2019-08-15 20:33:21 UTC


# Historical rev:6 snapshot, disabled (commented out with '#').
# metadata holds only created_at and updated_at; no former_category is
# recorded in this text. Match options are the same ordered URI parameter
# chain plus the hard-coded browser string + CRLF + "Host:" header content.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:6; metadata:created_at 2014_01_13, updated_at 2016_06_22;)

Added 2018-09-13 19:48:55 UTC


Added 2018-09-13 17:58:45 UTC


# Historical rev:6 snapshot, disabled (commented out with '#').
# The text carries created_at/updated_at metadata and no former_category.
# It requires a GET whose URI starts with "/Installer/Flow?pubid=" followed by
# the listed parameters in fixed order, plus the pinned browser string directly
# before the "Host:" header.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:6; metadata:created_at 2014_01_13, updated_at 2016_06_22;)

Added 2017-08-07 21:12:43 UTC


# Historical rev:6 snapshot, disabled (commented out with '#').
# No metadata keyword is present in this text. msg reads "ET MALWARE" (the
# rev:5 entry on this page uses "ET DELETED"), yet the rule stays commented
# out, so the msg prefix by itself does not show whether a copy is active.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:6;)

Added 2016-06-22 19:02:31 UTC


# Historical rev:6 snapshot, disabled (commented out with '#'); no metadata
# keyword in this text. Match options: GET, URI anchored on
# "/Installer/Flow?pubid=" (nocase, depth:22), then eight further parameters
# in fixed order via distance:0, and the pinned browser string + CRLF + "Host:"
# in the header buffer.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:6;)

Added 2016-06-22 19:00:09 UTC


# Historical rev:5 snapshot, disabled (commented out with '#').
# msg prefix is "ET DELETED" here, presumably marking the signature as retired
# at this revision; later snapshots on this page return to "ET MALWARE".
# Match options are the same as in the other revisions listed on the page.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:5;)

Added 2016-04-29 18:28:28 UTC


# Historical rev:4 snapshot, enabled (no leading '#').
# The reference URL percent-encodes the space as "OutBrowse%20Revenyou"; the
# rev:3 entries on this page have a literal space there. The reference keyword
# is informational, so this does not alter what traffic matches.
# Detection: outbound GET with a URI starting "/Installer/Flow?pubid=" and the
# listed parameters in fixed order, plus one pinned browser string immediately
# before "Host:" in the headers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:4;)

Added 2014-07-02 17:05:36 UTC


# Historical rev:3 snapshot, enabled (no leading '#').
# The reference URL contains a literal space ("OutBrowse Revenyou"); the rev:4
# entry on this page percent-encodes it as %20. Match options are the same
# ordered URI parameter chain and pinned browser string + "Host:" header match
# used by the later revisions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:3;)

Added 2014-07-01 22:42:51 UTC


# Earliest snapshot listed on this page: rev:3, enabled (no leading '#').
# The reference URL still has a literal space in "OutBrowse Revenyou".
# Detection requires all of: established to_server flow, GET method, URI
# anchored on "/Installer/Flow?pubid=" (nocase, depth:22), eight further
# case-sensitive parameters in fixed order, and the pinned browser string
# followed by CRLF and "Host:" in the header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OutBrowse?.b Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/Installer/Flow?pubid="; nocase; depth:22; http_uri; fast_pattern; content:"&distid="; distance:0; http_uri; content:"&productid="; distance:0; http_uri; content:"&subpubid="; distance:0; http_uri; content:"&campaignid="; distance:0; http_uri; content:"&networkid="; distance:0; http_uri; content:"&dfb="; distance:0; http_uri; content:"&os="; distance:0; http_uri; content:"&version="; distance:0; http_uri; content:"Chrome/18.0.1025.142 Safari/535.19|0d 0a|Host|3a|"; http_header; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse Revenyou/detailed-analysis.aspx; classtype:trojan-activity; sid:2018617; rev:3;)

Added 2014-07-01 19:40:50 UTC


Topic revision: r1 - 2021-08-31 - TWikiGuest
 