EmergingThreats> Main Web>2019138 (2020-12-22, TWikiGuest) EditAttach

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Poweliks GET Request"; flow:established,to_server; content:"GET"; http_method; urilen:4; content:"/dll"; http_uri; fast_pattern; content:"Content-Length|3a 20|0|0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; reference:url,malware-traffic-analysis.net/2014/08/01/index3.html; classtype:trojan-activity; sid:2019138; rev:4; metadata:created_at 2014_09_08, updated_at 2020_12_22;)

Added 2020-12-22 18:16:54 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Poweliks GET Request"; flow:established,to_server; content:"GET"; http_method; urilen:4; content:"/dll"; http_uri; fast_pattern; content:"Content-Length|3a 20|0|0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; reference:url,malware-traffic-analysis.net/2014/08/01/index3.html; classtype:trojan-activity; sid:2019138; rev:4; metadata:created_at 2014_09_08, updated_at 2020_09_25;)

Added 2020-09-25 19:29:47 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Poweliks GET Request"; flow:established,to_server; content:"GET"; http_method; urilen:4; content:"/dll"; http_uri; fast_pattern:only; content:"Content-Length|3a 20|0|0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; reference:url,malware-traffic-analysis.net/2014/08/01/index3.html; classtype:trojan-activity; sid:2019138; rev:3; metadata:created_at 2014_09_08, updated_at 2019_10_07;)

Added 2019-10-07 19:58:49 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Poweliks GET Request"; flow:established,to_server; content:"GET"; http_method; urilen:4; content:"/dll"; http_uri; fast_pattern:only; content:"Content-Length|3a 20|0|0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; reference:url,malware-traffic-analysis.net/2014/08/01/index3.html; classtype:trojan-activity; sid:2019138; rev:3; metadata:created_at 2014_09_08, updated_at 2014_09_08;)

Added 2018-09-13 19:49:17 UTC

Added 2018-09-13 17:58:58 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Poweliks GET Request"; flow:established,to_server; content:"GET"; http_method; urilen:4; content:"/dll"; http_uri; fast_pattern:only; content:"Content-Length|3a 20|0|0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; reference:url,malware-traffic-analysis.net/2014/08/01/index3.html; classtype:trojan-activity; sid:2019138; rev:3; metadata:created_at 2014_09_08, updated_at 2014_09_08;)

Added 2017-08-07 21:13:20 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Poweliks GET Request"; flow:established,to_server; content:"GET"; http_method; urilen:4; content:"/dll"; http_uri; fast_pattern:only; content:"Content-Length|3a 20|0|0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; reference:url,malware-traffic-analysis.net/2014/08/01/index3.html; classtype:trojan-activity; sid:2019138; rev:3;)

Added 2014-09-08 17:51:18 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2020-12-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats