# ET sid 2019843, rev 4 (metadata: created_at 2014_12_02, updated_at 2019_10_07): Vawtrak/NeverQuest data POST.
# Alerts on an established, client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET where:
#   - the request method is POST;
#   - the URI contains ".php?i=" and, after that match, "&data=" (distance:0 makes the second
#     content relative to the end of the first);
#   - the URI contains "&hash=" (marked as the fast pattern) and, per the pcre with the /U
#     modifier (normalized URI), ends with "&hash=" followed by a value with no further "&";
#   - the request headers do not contain the string "Referer:" (|3a| is the hex byte for ":").
# On a match the rule also sets the flowbit ET.Vawtrak; any rule that tests that flowbit is not shown on this page.
# This revision writes plain "fast_pattern" where the older revisions listed on this page write "fast_pattern:only".
# NOTE(review): the negated Referer content has no nocase, so presumably only the exact spelling
#   "Referer:" counts as a Referer header; a client sending a differently-cased header name would
#   still satisfy the negation - confirm against the engine's header buffer handling.
# NOTE(review): the "http" protocol keyword means the sensor has to see the request as cleartext HTTP;
#   the same URI shape inside TLS is only inspected where traffic is decrypted before the sensor.
# NOTE(review): reference:md5 is presumably the sample this signature was written from - verify before pivoting on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:".php?i="; http_uri; content:"&data="; http_uri; distance:0; content:"&hash="; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; pcre:"/&hash=[^&]+$/U"; flowbits:set,ET.Vawtrak; reference:md5,13c982c3b9c1ef714770820ffa278d2e; classtype:trojan-activity; sid:2019843; rev:4; metadata:created_at 2014_12_02, updated_at 2019_10_07;)

Added 2019-10-08 19:34:16 UTC


# ET sid 2019843, rev 3 with a metadata keyword (created_at and updated_at both 2014_12_02).
# Detection logic: outbound HTTP POST ($HOME_NET -> $EXTERNAL_NET, established, to_server) whose URI
# contains ".php?i=" followed by "&data=" (distance:0), contains "&hash=" as the fast pattern
# (written here as "fast_pattern:only"), ends with "&hash=<value without '&'>" per the /U pcre,
# and whose headers do not contain "Referer:".
# Sets the flowbit ET.Vawtrak on a match; the rule that consumes it is not shown on this page.
# NOTE(review): matching depends on $HOME_NET/$EXTERNAL_NET being defined correctly for the monitored
#   network and on the request being visible as cleartext HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:".php?i="; http_uri; content:"&data="; http_uri; distance:0; content:"&hash="; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/&hash=[^&]+$/U"; flowbits:set,ET.Vawtrak; reference:md5,13c982c3b9c1ef714770820ffa278d2e; classtype:trojan-activity; sid:2019843; rev:3; metadata:created_at 2014_12_02, updated_at 2014_12_02;)

Added 2018-09-13 19:49:58 UTC


Added 2018-09-13 17:59:22 UTC


# ET sid 2019843, rev 3 with metadata (created_at 2014_12_02, updated_at 2014_12_02); the page lists
# this entry as added 2017-08-07, and its rule text matches the entry listed as added 2018-09-13 19:49:58.
# Conditions, all required: established to_server HTTP flow leaving $HOME_NET; method POST;
# URI has ".php?i=" then "&data=" (relative, distance:0); URI has "&hash=" (fast_pattern:only) and
# ends in "&hash=" plus one or more non-"&" characters (pcre, /U = normalized URI); no "Referer:" in the headers.
# Side effect on match: flowbits:set,ET.Vawtrak.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:".php?i="; http_uri; content:"&data="; http_uri; distance:0; content:"&hash="; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/&hash=[^&]+$/U"; flowbits:set,ET.Vawtrak; reference:md5,13c982c3b9c1ef714770820ffa278d2e; classtype:trojan-activity; sid:2019843; rev:3;  metadata:created_at 2014_12_02, updated_at 2014_12_02;)

Added 2017-08-07 21:14:11 UTC


# ET sid 2019843, rev 3 as listed with the 2014-12-08 entry: no metadata keyword yet.
# Compared with the rev 2 text on this page, this revision carries flowbits:set,ET.Vawtrak, so a
# match marks the flow in addition to alerting; which rule reads that flowbit is not shown here.
# Match conditions: outbound established HTTP POST; URI contains ".php?i=" and then "&data="
# (distance:0); URI contains "&hash=" (fast_pattern:only) and ends with "&hash=<no '&'>" (pcre /U);
# request headers lack the string "Referer:".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:".php?i="; http_uri; content:"&data="; http_uri; distance:0; content:"&hash="; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/&hash=[^&]+$/U"; flowbits:set,ET.Vawtrak; reference:md5,13c982c3b9c1ef714770820ffa278d2e; classtype:trojan-activity; sid:2019843; rev:3;)

Added 2014-12-08 17:52:20 UTC


# ET sid 2019843, rev 2 as listed with the 2014-12-02 entry: alert only, with no flowbits and no metadata keyword.
# Match conditions: established to_server HTTP flow from $HOME_NET to $EXTERNAL_NET; method POST;
# URI contains ".php?i=" followed by "&data=" (distance:0 = relative to the previous URI match);
# URI contains "&hash=" (fast_pattern:only) and ends with "&hash=" plus a value containing no "&"
# (pcre with /U, evaluated on the normalized URI); headers contain no "Referer:" (|3a| = ":").
# NOTE(review): the trailing-anchor pcre means a request that appends any parameter after hash=
#   does not match this signature - worth keeping in mind when judging coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:".php?i="; http_uri; content:"&data="; http_uri; distance:0; content:"&hash="; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/&hash=[^&]+$/U"; reference:md5,13c982c3b9c1ef714770820ffa278d2e; classtype:trojan-activity; sid:2019843; rev:2;)

Added 2014-12-02 19:02:46 UTC

