alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Alina.POS-Trojan Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"Accept|3a 20|application/octet-stream|0d 0a|"; http_header; fast_pattern; content:"Mozilla/"; http_user_agent; depth:8; content:"|20|InfoPath|2e|"; http_header; distance:0; pcre:"/^User-Agent\x3a[^\r\n]+\x20InfoPath\x2e\d[^\x29]+\r?$/Hmi"; content:!"Referer|3a|"; http_header; pcre:"/\.php$/U"; metadata: former_category MALWARE; reference:md5,3959fb5b5909d9c6fb9c9a408d35f67a; reference:url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf; classtype:trojan-activity; sid:2019163; rev:4; metadata:created_at 2014_09_11, updated_at 2019_10_22;)

Added 2019-10-22 19:03:20 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Alina.POS-Trojan Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"Accept|3a 20|application/octet-stream|0d 0a|"; http_header; fast_pattern; content:"User-Agent|3a 20|Mozilla/"; http_header; content:"|20|InfoPath|2e|"; http_header; distance:0; pcre:"/^User-Agent\x3a[^\r\n]+\x20InfoPath\x2e\d[^\x29]+\r?$/Hmi"; content:!"Referer|3a|"; http_header; pcre:"/\.php$/U"; metadata: former_category MALWARE; reference:md5,3959fb5b5909d9c6fb9c9a408d35f67a; reference:url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf; classtype:trojan-activity; sid:2019163; rev:3; metadata:created_at 2014_09_11, updated_at 2014_09_11;)

Added 2019-09-26 19:57:44 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Alina.POS-Trojan Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"Accept|3a 20|application/octet-stream|0d 0a|"; http_header; fast_pattern; content:"User-Agent|3a 20|Mozilla/"; http_header; content:"|20|InfoPath|2e|"; http_header; distance:0; pcre:"/^User-Agent\x3a[^\r\n]+\x20InfoPath\x2e\d[^\x29]+\r?$/Hmi"; content:!"Referer|3a|"; http_header; pcre:"/\.php$/U"; reference:md5,3959fb5b5909d9c6fb9c9a408d35f67a; reference:url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf; classtype:trojan-activity; sid:2019163; rev:3; metadata:created_at 2014_09_11, updated_at 2014_09_11;)

Added 2018-09-13 19:49:18 UTC


Added 2018-09-13 17:58:59 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Alina.POS-Trojan Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"Accept|3a 20|application/octet-stream|0d 0a|"; http_header; fast_pattern; content:"User-Agent|3a 20|Mozilla/"; http_header; content:"|20|InfoPath|2e|"; http_header; distance:0; pcre:"/^User-Agent\x3a[^\r\n]+\x20InfoPath\x2e\d[^\x29]+\r?$/Hmi"; content:!"Referer|3a|"; http_header; pcre:"/\.php$/U"; reference:md5,3959fb5b5909d9c6fb9c9a408d35f67a; reference:url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf; classtype:trojan-activity; sid:2019163; rev:3; metadata:created_at 2014_09_11, updated_at 2014_09_11;)

Added 2017-08-07 21:13:22 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Alina.POS-Trojan Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"Accept|3a 20|application/octet-stream|0d 0a|"; http_header; fast_pattern; content:"User-Agent|3a 20|Mozilla/"; http_header; content:"|20|InfoPath|2e|"; http_header; distance:0; pcre:"/^User-Agent\x3a[^\r\n]+\x20InfoPath\x2e\d[^\x29]+\r?$/Hmi"; content:!"Referer|3a|"; http_header; pcre:"/\.php$/U"; reference:md5,3959fb5b5909d9c6fb9c9a408d35f67a; reference:url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf; classtype:trojan-activity; sid:2019163; rev:3;)

Added 2015-07-31 23:02:09 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Alina.POS-Trojan Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 5.1|3b| InfoPath?.1 Spark v1.1|0d 0a|"; http_header; fast_pattern:66,20; content:!"Referer|3a|"; http_header; pcre:"/\.php$/U"; reference:md5,3959fb5b5909d9c6fb9c9a408d35f67a; reference:url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf; classtype:trojan-activity; sid:2019163; rev:2;)

Added 2014-12-22 19:02:42 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JackPOS? Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 5.1|3b| InfoPath?.1 Spark v1.1|0d 0a|"; http_header; fast_pattern:66,20; content:!"Referer|3a|"; http_header; pcre:"/\.php$/U"; reference:md5,3959fb5b5909d9c6fb9c9a408d35f67a; reference:url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf; classtype:trojan-activity; sid:2019163; rev:2;)

Added 2014-09-11 16:55:09 UTC


Topic revision: r1 - 2019-10-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats