alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Wonton-JH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".asp?M00="; http_uri; fast_pattern; content:"Mozilla/4.0 (Compatible|3b 20|MSIE 6.0|3b 29|"; http_user_agent; depth:35; isdataat:!1,relative; content:!"Referer|3a|"; http_header; pcre:"/\.asp\?M00=\d+$/U"; metadata: former_category MALWARE; reference:url,blog.cylance.com/emerging-threat-alert-cve-2014-4114; reference:md5,37ca2ecb5e1fc89f73c6adc188ff685d; classtype:trojan-activity; sid:2019502; rev:3; metadata:created_at 2014_10_24, updated_at 2019_10_16;)

Added 2019-10-16 18:59:37 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Wonton-JH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".asp?M00="; http_uri; fast_pattern; content:"User-Agent|3a 20|Mozilla/4.0 (Compatible|3b| MSIE 6.0|3b 29 0d 0a|"; http_header; content:!"Referer|3a|"; http_header; pcre:"/\.asp\?M00=\d+$/U"; metadata: former_category MALWARE; reference:url,blog.cylance.com/emerging-threat-alert-cve-2014-4114; reference:md5,37ca2ecb5e1fc89f73c6adc188ff685d; classtype:trojan-activity; sid:2019502; rev:2; metadata:created_at 2014_10_24, updated_at 2014_10_24;)

Added 2019-09-26 19:57:46 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Wonton-JH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".asp?M00="; http_uri; fast_pattern; content:"User-Agent|3a 20|Mozilla/4.0 (Compatible|3b| MSIE 6.0|3b 29 0d 0a|"; http_header; content:!"Referer|3a|"; http_header; pcre:"/\.asp\?M00=\d+$/U"; reference:url,blog.cylance.com/emerging-threat-alert-cve-2014-4114; reference:md5,37ca2ecb5e1fc89f73c6adc188ff685d; classtype:trojan-activity; sid:2019502; rev:2; metadata:created_at 2014_10_24, updated_at 2014_10_24;)

Added 2018-09-13 19:49:37 UTC


Added 2018-09-13 17:59:11 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Wonton-JH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".asp?M00="; http_uri; fast_pattern; content:"User-Agent|3a 20|Mozilla/4.0 (Compatible|3b| MSIE 6.0|3b 29 0d 0a|"; http_header; content:!"Referer|3a|"; http_header; pcre:"/\.asp\?M00=\d+$/U"; reference:url,blog.cylance.com/emerging-threat-alert-cve-2014-4114; reference:md5,37ca2ecb5e1fc89f73c6adc188ff685d; classtype:trojan-activity; sid:2019502; rev:2; metadata:created_at 2014_10_24, updated_at 2014_10_24;)

Added 2017-08-07 21:13:46 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Wonton-JH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".asp?M00="; http_uri; fast_pattern; content:"User-Agent|3a 20|Mozilla/4.0 (Compatible|3b| MSIE 6.0|3b 29 0d 0a|"; http_header; content:!"Referer|3a|"; http_header; pcre:"/\.asp\?M00=\d+$/U"; reference:url,blog.cylance.com/emerging-threat-alert-cve-2014-4114; reference:md5,37ca2ecb5e1fc89f73c6adc188ff685d; classtype:trojan-activity; sid:2019502; rev:2;)

Added 2014-10-24 16:52:20 UTC


Topic revision: r1 - 2019-10-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats