alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN CoinVault? POST M1"; flow:established,to_server; content:"POST"; http_method; urilen:1; content:"hwid="; depth:5; http_client_body; content:"&func="; http_client_body; fast_pattern; content:!"User-Agent"; http_header; content:!"Accept"; http_header; content:!"Referer"; http_header; pcre:"/^hwid=[A-F0-9]{4}(?:-[A-F0-9]{4}){7}&func=/P"; reference:url,securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/; reference:md5,8e1bdc1c484bc03880c67424d80e351d; classtype:trojan-activity; sid:2019776; rev:3; metadata:created_at 2014_11_24, updated_at 2019_10_07;)

Added 2019-10-08 19:34:15 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN CoinVault? POST M1"; flow:established,to_server; content:"POST"; http_method; urilen:1; content:"hwid="; depth:5; http_client_body; content:"&func="; http_client_body; fast_pattern:only; content:!"User-Agent"; http_header; content:!"Accept"; http_header; content:!"Referer"; http_header; pcre:"/^hwid=[A-F0-9]{4}(?:-[A-F0-9]{4}){7}&func=/P"; reference:url,securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/; reference:md5,8e1bdc1c484bc03880c67424d80e351d; classtype:trojan-activity; sid:2019776; rev:2; metadata:created_at 2014_11_24, updated_at 2014_11_24;)

Added 2018-09-13 19:49:53 UTC


Added 2018-09-13 17:59:20 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN CoinVault? POST M1"; flow:established,to_server; content:"POST"; http_method; urilen:1; content:"hwid="; depth:5; http_client_body; content:"&func="; http_client_body; fast_pattern:only; content:!"User-Agent"; http_header; content:!"Accept"; http_header; content:!"Referer"; http_header; pcre:"/^hwid=[A-F0-9]{4}(?:-[A-F0-9]{4}){7}&func=/P"; reference:url,securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/; reference:md5,8e1bdc1c484bc03880c67424d80e351d; classtype:trojan-activity; sid:2019776; rev:2; metadata:created_at 2014_11_24, updated_at 2014_11_24;)

Added 2017-08-07 21:14:06 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN CoinVault? POST M1"; flow:established,to_server; content:"POST"; http_method; urilen:1; content:"hwid="; depth:5; http_client_body; content:"&func="; http_client_body; fast_pattern:only; content:!"User-Agent"; http_header; content:!"Accept"; http_header; content:!"Referer"; http_header; pcre:"/^hwid=[A-F0-9]{4}(?:-[A-F0-9]{4}){7}&func=/P"; reference:url,securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/; reference:md5,8e1bdc1c484bc03880c67424d80e351d; classtype:trojan-activity; sid:2019776; rev:2;)

Added 2014-11-24 01:30:51 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats