# sid 2018856 rev 11: alerts on an HTTP response (flow established,from_server; external -> home net)
# whose file_data buffer contains what looks like a base64-encoded Windows executable.
#   content "TVqQA" - base64 prefix produced by the usual DOS header bytes 4D 5A 90 00 ("MZ..").
#   first pcre (/R) - anchored directly after that match: 3 alphanumerics ('+' and '/' excluded),
#                     then 100 repetitions of either a 4-character base64 group or one whitespace character.
#   second pcre     - has no /R, so it is searched on its own: "TVqQA" must occur somewhere preceded by a
#                     byte outside the base64 alphabet, i.e. at the start of an encoded run, not inside one.
# NOTE(review): each of the 100 repetitions may be a single whitespace character, so the count
#   does not guarantee 400 base64 characters after the prefix.
# NOTE(review): the second pcre is not tied to the occurrence matched by content, and it needs one byte
#   in front of "TVqQA"; a buffer that begins with the encoded data would not satisfy it - confirm
#   this is intended or keep companion coverage for that case.
# Triage: nothing in the rule is family-specific. The md5 reference points at a single sample, and
#   legitimate responses that embed base64-encoded executables can match as well.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Windows executable base64 encoded"; flow: established,from_server; file_data; content:"TVqQA"; pcre:"/^[A-Za-z0-9]{3}(?:[A-Za-z0-9+/]{4}|\s){100}/Rs"; pcre:"/[^A-Za-z0-9+/]TVqQA/"; reference:md5,49aca228674651cba776be727bdb7e60; classtype:trojan-activity; sid:2018856; rev:11; metadata:created_at 2014_07_31, updated_at 2019_03_06;)

Added 2019-03-06 20:22:39 UTC


# sid 2018856 rev 10 (with metadata): HTTP response towards the home net whose file_data buffer
# contains "TVqQA" (base64 of the usual MZ header bytes 4D 5A 90 00) at any position.
#   pcre (/R) - evaluated from the end of the content match: 3 alphanumerics, then 100 repetitions
#               of either a 4-character base64 group or one whitespace character.
# This revision does not check what precedes "TVqQA", so the prefix may also be matched in the
# middle of a longer base64 run.
# NOTE(review): the whitespace alternative counts as a repetition, so fewer than 400 base64
#   characters can satisfy the {100}.
# NOTE(review): updated_at equals created_at although this is rev 10 - presumably the metadata
#   was back-filled; do not rely on it as the date of the last change.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Windows executable base64 encoded"; flow: established,from_server; file_data; content:"TVqQA"; pcre:"/^[A-Za-z0-9]{3}(?:[A-Za-z0-9+/]{4}|\s){100}/Rs"; reference:md5,49aca228674651cba776be727bdb7e60; classtype:trojan-activity; sid:2018856; rev:10; metadata:created_at 2014_07_31, updated_at 2014_07_31;)

Added 2018-09-13 19:49:05 UTC


Added 2018-09-13 17:58:51 UTC


# sid 2018856 rev 10 (with metadata), identical rule text to the entry dated 2018-09-13.
# Detection logic: file_data of an HTTP response must contain "TVqQA" (base64 of an MZ header start),
# immediately followed (pcre /R) by 3 alphanumerics and 100 repetitions of a 4-character base64
# group or a single whitespace character.
# Triage: matches any base64-encoded executable-looking data in a response, not a specific
#   malware family; the md5 reference is one sample.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Windows executable base64 encoded"; flow: established,from_server; file_data; content:"TVqQA"; pcre:"/^[A-Za-z0-9]{3}(?:[A-Za-z0-9+/]{4}|\s){100}/Rs"; reference:md5,49aca228674651cba776be727bdb7e60; classtype:trojan-activity; sid:2018856; rev:10; metadata:created_at 2014_07_31, updated_at 2014_07_31;)

Added 2017-08-07 21:13:00 UTC


# sid 2018856 rev 10, published without a metadata keyword; the match options are the same
# as in the rev 10 entries that carry metadata.
#   file_data + content "TVqQA" - base64 prefix of the MZ header bytes 4D 5A 90 00, anywhere in the response body.
#   pcre (/R, /s)               - continues from that match: 3 alphanumerics, then 100 repetitions of
#                                 a 4-character base64 group or one whitespace character (\s allows wrapped lines).
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Windows executable base64 encoded"; flow: established,from_server; file_data; content:"TVqQA"; pcre:"/^[A-Za-z0-9]{3}(?:[A-Za-z0-9+/]{4}|\s){100}/Rs"; reference:md5,49aca228674651cba776be727bdb7e60; classtype:trojan-activity; sid:2018856; rev:10;)

Added 2016-03-03 19:43:34 UTC


# sid 2018856 rev 10 as first listed on this page. Compared with rev 9 it drops "within:5" and
# replaces the whole-buffer pcre with a bounded one.
#   content "TVqQA" - may now match at any position in file_data.
#   pcre (/R)       - only the next 3 alphanumerics plus 100 repetitions (4-character base64 group
#                     or one whitespace character) are checked; the rest of the body is not inspected.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Windows executable base64 encoded"; flow: established,from_server; file_data; content:"TVqQA"; pcre:"/^[A-Za-z0-9]{3}(?:[A-Za-z0-9+/]{4}|\s){100}/Rs"; reference:md5,49aca228674651cba776be727bdb7e60; classtype:trojan-activity; sid:2018856; rev:10;)

Added 2016-03-03 17:21:43 UTC


# sid 2018856 rev 9: earliest revision on this page. HTTP response towards the home net whose
# file_data buffer is base64 text starting with the encoded MZ header.
#   content "TVqQA"; within:5 - no earlier content match exists in this rule, so the 5-byte window
#                               presumably pins the match to the start of the buffer - confirm
#                               against the engine's handling of a leading "within".
#   pcre (/R, /s, no /m)      - from the end of the content match: 3 alphanumerics, then one or more
#                               base64 characters or CR/LF, up to two '=' padding characters, and '$'.
#                               Without /m the '$' anchors at the end of the buffer, so everything
#                               after the prefix has to be base64 text.
# NOTE(review): the unbounded "+" run followed by '$' is scanned across the whole remaining body;
#   expect higher inspection cost on large responses than with a bounded repetition.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Windows executable base64 encoded"; flow: established,from_server; file_data; content:"TVqQA"; within:5; pcre:"/^[A-Za-z0-9]{3}[A-Za-z0-9\r\n\/+]+={0,2}$/Rs"; reference:md5,49aca228674651cba776be727bdb7e60; classtype:trojan-activity; sid:2018856; rev:9;)

Added 2014-07-31 17:22:10 UTC


Topic revision: r1 - 2019-03-07 - TWikiGuest
 