# ET sid 2018958 rev 19 ("Worm.Win32.Vobfus Checkin 3"): alerts on an established,
# client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET whose normalized URI (pcre /U)
# has the shape /<1-19 alphanumerics>[/]?<one of a b d e f g h i j v or ">, optionally
# followed by |[-]<digits> and a short suffix, anchored at both ends.
# The "?" must also be found in the 20-byte window that starts at URI offset 2.
# The User-Agent prefix is the prefilter (fast_pattern). It is a generic legacy MSIE string,
# so the rule relies on the combination with the URI shape and on Accept-Language and
# Referer being absent from the http_header_names buffer.
# content:!"www.pinterest.com" on http_host excludes that one host (presumably a
# false-positive exclusion; the page does not say).
# The two md5 references identify samples; they are not matched on the wire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"|3f|"; offset:2; depth:20; http_uri; pcre:"/^\/[a-zA-Z0-9]{1,19}\/?\?[abdefijhgv\x22](?:\x7C\x2d?\d+?[^\\\*\+\=\|\:\;\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/U"; content:"Mozilla/4.0 (compatible|3b 20|MSIE|20|"; http_user_agent; fast_pattern; content:!"www.pinterest.com"; http_host; http_header_names; content:!"Accept-Language"; content:!"Referer"; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:trojan-activity; sid:2018958; rev:19; metadata:created_at 2013_03_25, updated_at 2019_05_22;)

Added 2019-05-22 20:30:36 UTC


# ET sid 2018958 rev 19, as published at the timestamp below this rule.
# Matches an outbound HTTP GET (flow:established,to_server) whose normalized URI is
# /<1-19 alphanumerics>[/]?<one of a b d e f g h i j v or "> with an optional
# |[-]<digits><suffix> tail, and whose "?" lies in the 20-byte window from URI offset 2.
# Header conditions use dedicated buffers: the MSIE User-Agent prefix in http_user_agent
# (also the fast_pattern), the host exclusion in http_host, and the absence of
# Accept-Language and Referer in http_header_names.
# The User-Agent prefix alone is not specific; the alert depends on all conditions together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"|3f|"; offset:2; depth:20; http_uri; pcre:"/^\/[a-zA-Z0-9]{1,19}\/?\?[abdefijhgv\x22](?:\x7C\x2d?\d+?[^\\\*\+\=\|\:\;\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/U"; content:"Mozilla/4.0 (compatible|3b 20|MSIE|20|"; http_user_agent; fast_pattern; content:!"www.pinterest.com"; http_host; http_header_names; content:!"Accept-Language"; content:!"Referer"; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:trojan-activity; sid:2018958; rev:19; metadata:created_at 2013_03_25, updated_at 2019_05_22;)

Added 2019-05-22 19:32:45 UTC


# ET sid 2018958 rev 18: outbound HTTP GET whose normalized URI (pcre /U) is
# /<1-19 alphanumerics>[/]?<one of a b d e f g h i j v or "> with an optional
# |[-]<digits><suffix> tail; the "?" must lie in the 20-byte window from URI offset 2.
# Header conditions are literal matches in the http_header buffer: "Accept-Language:" and
# "Referer" must be absent, "User-Agent: Mozilla/4.0 (compatible; MSIE " must be present.
# fast_pattern:36,6 uses only the 6 bytes " MSIE " of that content as the prefilter.
# NOTE(review): content:!"Host|3a 20|www.pinterest.com" has no buffer modifier after it,
# so it appears to be evaluated against the raw stream, not http_header - confirm.
# NOTE(review): metadata updated_at (2013_03_25) equals created_at, so it does not
# reflect when this revision was published.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; content:!"Accept-Language|3a|"; http_header; content:!"Referer"; http_header; content:"GET"; http_method; content:"|3f|"; offset:2; depth:20; http_uri; pcre:"/^\/[a-zA-Z0-9]{1,19}\/?\?[abdefijhgv\x22](?:\x7C\x2d?\d+?[^\\\*\+\=\|\:\;\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/U"; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE|20|"; http_header; fast_pattern:36,6; content:!"Host|3a 20|www.pinterest.com"; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:trojan-activity; sid:2018958; rev:18; metadata:created_at 2013_03_25, updated_at 2013_03_25;)

Added 2018-09-13 19:49:09 UTC


Added 2018-09-13 17:58:54 UTC


# ET sid 2018958 rev 18 with a metadata keyword appended.
# Detection logic: established client-to-server HTTP GET, "?" within the 20-byte window
# from URI offset 2, normalized URI matching /<1-19 alphanumerics>[/]?<a b d e f g h i j v or ">
# plus an optional |[-]<digits><suffix> tail, a "User-Agent: Mozilla/4.0 (compatible; MSIE "
# header, and no "Accept-Language:" or "Referer" text in the http_header buffer.
# fast_pattern:36,6 selects the 6 bytes " MSIE " of the User-Agent content as the prefilter.
# NOTE(review): the negated "Host: www.pinterest.com" content carries no http_header
# modifier, so it is presumably checked against the raw stream - confirm.
# NOTE(review): updated_at repeats the created_at date (2013_03_25) and is not a
# reliable age indicator for this revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; content:!"Accept-Language|3a|"; http_header; content:!"Referer"; http_header; content:"GET"; http_method; content:"|3f|"; offset:2; depth:20; http_uri; pcre:"/^\/[a-zA-Z0-9]{1,19}\/?\?[abdefijhgv\x22](?:\x7C\x2d?\d+?[^\\\*\+\=\|\:\;\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/U"; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE|20|"; http_header; fast_pattern:36,6; content:!"Host|3a 20|www.pinterest.com"; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:trojan-activity; sid:2018958; rev:18; metadata:created_at 2013_03_25, updated_at 2013_03_25;)

Added 2017-08-07 21:13:07 UTC


# ET sid 2018958 rev 18 (no metadata keyword in this copy).
# Alerts on an outbound HTTP GET with no "Accept-Language:" or "Referer" text in the
# http_header buffer, a "?" within the 20-byte window from URI offset 2, a normalized URI
# of the form /<1-19 alphanumerics>[/]?<a b d e f g h i j v or "> with an optional
# |[-]<digits><suffix> tail, and a "User-Agent: Mozilla/4.0 (compatible; MSIE " header.
# fast_pattern:36,6 restricts the prefilter to the 6 bytes " MSIE " of that content.
# NOTE(review): content:!"Host|3a 20|www.pinterest.com" has no http_header modifier, so it
# appears to be matched against the raw stream - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; content:!"Accept-Language|3a|"; http_header; content:!"Referer"; http_header; content:"GET"; http_method; content:"|3f|"; offset:2; depth:20; http_uri; pcre:"/^\/[a-zA-Z0-9]{1,19}\/?\?[abdefijhgv\x22](?:\x7C\x2d?\d+?[^\\\*\+\=\|\:\;\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/U"; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE|20|"; http_header; fast_pattern:36,6; content:!"Host|3a 20|www.pinterest.com"; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:trojan-activity; sid:2018958; rev:18;)

Added 2015-12-04 17:45:19 UTC


# ET sid 2018958 rev 17: outbound HTTP GET with no "Accept-Language:" or "Referer" text in
# the http_header buffer and a "User-Agent: Mozilla/4.0 (compatible; MSIE " header.
# URI conditions: "?" within the 20-byte window from URI offset 2, and the normalized URI
# (pcre /U) must be /<1-19 alphanumerics>[/]?<a b d e f g h i j v or "> with an optional
# |[-]<digits><suffix> tail, anchored at both ends.
# fast_pattern:36,6 uses only the 6 bytes " MSIE " as the prefilter.
# This revision carries no host exclusion, so every destination host is in scope.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; content:!"Accept-Language|3a|"; http_header; content:!"Referer"; http_header; content:"GET"; http_method; content:"|3f|"; offset:2; depth:20; http_uri; pcre:"/^\/[a-zA-Z0-9]{1,19}\/?\?[abdefijhgv\x22](?:\x7C\x2d?\d+?[^\\\*\+\=\|\:\;\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/U"; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE|20|"; http_header; fast_pattern:36,6; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:trojan-activity; sid:2018958; rev:17;)

Added 2014-09-08 17:51:18 UTC


# ET sid 2018958 rev 16: outbound HTTP GET with no "Accept-Language:" or "Referer" text in
# the http_header buffer and a "User-Agent: Mozilla/4.0 (compatible; MSIE " header.
# URI conditions in this revision: "?" within the 14-byte window from URI offset 2, and the
# normalized URI (pcre /U) must be /<1-13 alphanumerics>[/]?<a b d e g h i j or "> with
# an optional |[-]<digits><suffix> tail, anchored at both ends.
# fast_pattern:36,6 uses only the 6 bytes " MSIE " as the prefilter.
# No host exclusion is present; the md5 references identify samples only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; content:!"Accept-Language|3a|"; http_header; content:!"Referer"; http_header; content:"GET"; http_method; content:"|3f|"; offset:2; depth:14; http_uri; pcre:"/^\/[a-zA-Z0-9]{1,13}\/?\?[abdeijhg\x22](\x7C\x2d?\d+?[^\\\*\+\=\|\:\;\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/U"; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE "; http_header; fast_pattern:36,6; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:trojan-activity; sid:2018958; rev:16;)

Added 2014-08-19 18:39:15 UTC


# ET sid 2018958 rev 15, the oldest revision listed on this page.
# Alerts on an established, client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET that
# has no "Accept-Language:" or "Referer" text in the http_header buffer, a
# "User-Agent: Mozilla/4.0 (compatible; MSIE " header, a "?" within the 14-byte window from
# URI offset 2, and a normalized URI of the form /<1-13 alphanumerics>[/]?<a b d e g h i j or ">
# with an optional |[-]<digits><suffix> tail.
# fast_pattern:36,6 uses only the 6 bytes " MSIE " as the prefilter.
# No host exclusion is present; the md5 references identify samples only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; content:!"Accept-Language|3a|"; http_header; content:!"Referer"; http_header; content:"GET"; http_method; content:"|3f|"; offset:2; depth:14; http_uri; pcre:"/^\/[a-zA-Z0-9]{1,13}\/?\?[abdeijhg\x22](\x7C\x2d?\d+?[^\\\*\+\=\|\:\;\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/U"; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE "; http_header; fast_pattern:36,6; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:trojan-activity; sid:2018958; rev:15;)

Added 2014-08-19 16:22:04 UTC



 
Copyright © Emerging Threats