# sid 2020422, rev 16. The leading '#' means this revision ships disabled.
# Matches an HTTP request from $HOME_NET to $EXTERNAL_NET on an established flow whose
# normalized URI is longer than 103 bytes ("/?q=" is 4 bytes plus the 100 required by the pcre)
# and has the form /[letters[digit]/]?q=<100 characters from the base64 alphabet or '%'>.
# The three lookaheads require an uppercase letter, a lowercase letter and a digit after "q=".
# Negated contents: no "Referer: " header, method does not contain POST, no header line ending
# in map24.com or aptrk.com, no "Accept-" string in the headers. The /Hi pcre anchors the header
# buffer to Accept, User-Agent, Host in that order (case-insensitive).
# NOTE(review): the first two lookaheads omit \x25 while the third and the body allow it - confirm intended.
# NOTE(review): the '?' in "MultiPlug?.J" looks like a wiki-link rendering artifact - confirm the
# msg text against the distributed ruleset before copying this line.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; content:!"Accept-"; http_header; pcre:"/^Accept\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20[^\r\n]+\r\nHost\x3a\x20[^\r\n]+\r?$/Hi"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:16; metadata:created_at 2015_02_13, former_category ADWARE_PUP, updated_at 2016_07_20;)

Added 2022-05-19 19:06:32 UTC


# sid 2020422, rev 15 (disabled, leading '#'). The rule text equals the rev 16 entry on this
# page except for the rev number. One metadata keyword carries created_at, former_category
# ADWARE_PUP and updated_at.
# NOTE(review): classtype is still trojan-activity and msg still says "ET MALWARE" while
# former_category is ADWARE_PUP - account for that when mapping severity.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; content:!"Accept-"; http_header; pcre:"/^Accept\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20[^\r\n]+\r\nHost\x3a\x20[^\r\n]+\r?$/Hi"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:15; metadata:created_at 2015_02_13, former_category ADWARE_PUP, updated_at 2016_07_20;)

Added 2020-08-05 19:10:50 UTC


# sid 2020422, rev 15 (disabled). The detection logic matches the other rev 15 entries on this
# page. This snapshot carries two metadata keywords: a standalone "former_category ADWARE_PUP"
# before the references, and created_at/updated_at at the end.
# The rev number did not change although the metadata did, so sid+rev alone does not identify this text.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; content:!"Accept-"; http_header; pcre:"/^Accept\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20[^\r\n]+\r\nHost\x3a\x20[^\r\n]+\r?$/Hi"; metadata: former_category ADWARE_PUP; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:15; metadata:created_at 2015_02_13, updated_at 2016_07_20;)

Added 2019-09-26 19:57:55 UTC


# sid 2020422, rev 15 (disabled). Same detection logic as the other rev 15 entries. Here the
# standalone metadata keyword reads "former_category MALWARE"; the 2019-09-26 snapshot on this
# page reads ADWARE_PUP under the same rev number.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; content:!"Accept-"; http_header; pcre:"/^Accept\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20[^\r\n]+\r\nHost\x3a\x20[^\r\n]+\r?$/Hi"; metadata: former_category MALWARE; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:15; metadata:created_at 2015_02_13, updated_at 2016_07_20;)

Added 2019-08-15 20:33:28 UTC


# sid 2020422, rev 15 (disabled). Same detection logic as the other rev 15 entries. The metadata
# holds only created_at 2015_02_13 and updated_at 2016_07_20; there is no former_category tag.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; content:!"Accept-"; http_header; pcre:"/^Accept\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20[^\r\n]+\r\nHost\x3a\x20[^\r\n]+\r?$/Hi"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:15; metadata:created_at 2015_02_13, updated_at 2016_07_20;)

Added 2018-09-13 19:50:35 UTC


Added 2018-09-13 17:59:42 UTC


# sid 2020422, rev 15 (disabled). This is the first snapshot on this page to carry a metadata
# keyword (created_at, updated_at). The rule options are otherwise the same as in the 2016-07-20 rev 15 entries.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; content:!"Accept-"; http_header; pcre:"/^Accept\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20[^\r\n]+\r\nHost\x3a\x20[^\r\n]+\r?$/Hi"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:15; metadata:created_at 2015_02_13, updated_at 2016_07_20;)

Added 2017-08-07 21:14:54 UTC


# sid 2020422, rev 15 (disabled), without a metadata keyword. It keeps the URI checks of earlier
# revisions and adds two header constraints: no "Accept-" string in the headers, and a /Hi pcre
# that anchors the header buffer to Accept, User-Agent, Host in that order.
# It uses fast_pattern:only and has no "Im1vbmV5dGl6" exclusion, unlike the rev 14 entries on this page.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; content:!"Accept-"; http_header; pcre:"/^Accept\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20[^\r\n]+\r\nHost\x3a\x20[^\r\n]+\r?$/Hi"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:15;)

Added 2016-07-20 17:25:17 UTC


# sid 2020422, rev 15 (disabled). Earliest rev 15 snapshot on this page, and the first entry with
# the exact three-header order check (Accept, User-Agent, Host) and the "Accept-" negation.
# NOTE(review): the header-order pcre only matches clients that send exactly those three headers;
# a proxy that adds headers between client and sensor would presumably prevent a match - confirm sensor placement.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; content:!"Accept-"; http_header; pcre:"/^Accept\x3a\x20[^\r\n]+\r\nUser-Agent\x3a\x20[^\r\n]+\r\nHost\x3a\x20[^\r\n]+\r?$/Hi"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:15;)

Added 2016-07-20 17:24:09 UTC


# sid 2020422, rev 14 (disabled, leading '#'). URI-only logic with no Accept header checks.
# "/?q=" is a plain fast_pattern here rather than fast_pattern:only, presumably because the
# within:12 on the next content needs the position of the "/?q=" match.
# content:!"Im1vbmV5dGl6"; within:12 rejects requests whose 12 bytes after "/?q=" are that string,
# which is base64 for '"moneytiz'. This is presumably a false-positive exclusion - confirm.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern; content:!"Im1vbmV5dGl6"; within:12; http_uri; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:14;)

Added 2016-07-18 17:35:18 UTC


# sid 2020422, rev 14. This is the earliest entry on this page where the rule is commented out;
# the rev 13 entry is enabled.
# Compared with rev 13 it adds content:!"Im1vbmV5dGl6"; within:12; http_uri, and it changes
# fast_pattern:only to fast_pattern on "/?q=".
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern; content:!"Im1vbmV5dGl6"; within:12; http_uri; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:14;)

Added 2016-07-18 17:34:10 UTC


# sid 2020422, rev 13. Last revision on this page that is enabled (no leading '#').
# Requires URI length > 103, "/?q=" in the normalized URI, no "Referer: " header, a method that
# does not contain POST, and the /U pcre: optional /letters[digit]/ segment, "?q=", then 100
# characters from the base64 alphabet or '%', including an uppercase letter, a lowercase letter and a digit.
# Requests with a header line ending in map24.com or aptrk.com are excluded.
# NOTE(review): the '?' in "MultiPlug?.J" looks like a wiki-link rendering artifact - confirm the msg text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; content:!"aptrk.com|0d 0a|"; http_header; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:13;)

Added 2016-05-06 17:23:31 UTC


# sid 2020422, rev 12 (enabled). Same URI logic as rev 11, plus a negated header content that
# excludes requests with a header line ending in map24.com. This is presumably a false-positive
# exclusion; the page gives no reason.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; content:!"map24.com|0d 0a|"; http_header; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:12;)

Added 2016-01-14 00:48:59 UTC


# sid 2020422, rev 11 (enabled). Compared with rev 10 on this page it adds urilen:>103 and the
# negated POST method check, and lowers the required encoded run from {150} to {100}.
# There are no host exclusions yet, so any Referer-less non-POST request with a long mixed-case
# base64-like "q" value matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; urilen:>103; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"POST"; http_method; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{100}/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:11;)

Added 2015-09-28 18:59:06 UTC


# sid 2020422, rev 10 (enabled). The msg prefix is "ET MALWARE"; rev 9 on this page uses "ET TROJAN".
# The optional path segment in the pcre now allows one trailing digit ([A-Za-z]+\d?).
# There is no urilen or method check; the pcre alone requires 150 characters after "?q=".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; pcre:"/^\/(?:[A-Za-z]+\d?\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{150}/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:10;)

Added 2015-08-13 19:18:34 UTC


# sid 2020422, rev 9 (enabled). The pcre swaps the open-ended "+$" run of rev 8 for a fixed
# {150} run with no end anchor. The third lookahead and the body use \x25 ('%') in place of the
# literal space; the first two lookaheads have neither.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MultiPlug?.J Checkin"; flow:established,to_server; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; pcre:"/^\/(?:[A-Za-z]+\/)?\?q=(?=[a-z0-9+/]*[A-Z])(?=[A-Z0-9+/]*[a-z])(?=[A-Za-z0-9+/\x25]*\d)[A-Za-z0-9+/\x25]{150}/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:9;)

Added 2015-06-30 17:21:45 UTC


# sid 2020422, rev 8 (enabled; rev 7 is not listed on this page). It drops the negated
# "|0d 0a|Accept-" header content that rev 6 has and keeps the lookahead pcre.
# The whole value after "?q=" must consist of base64-alphabet characters or spaces to the end
# of the URI ("+$"), with no minimum length beyond one character.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MultiPlug?.J Checkin"; flow:established,to_server; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; pcre:"/^\/(?:[A-Za-z]+\/)?\?q=(?=[a-z0-9+/ ]*[A-Z])(?=[A-Z0-9+/ ]*[a-z])(?=[A-Za-z0-9+/ ]*\d)[A-Za-z0-9+/ ]+$/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:8;)

Added 2015-06-17 17:52:41 UTC


# sid 2020422, rev 6 (enabled). First entry on this page with the three lookaheads that require
# an uppercase letter, a lowercase letter and a digit in the "q" value. The leading path segment
# becomes optional.
# NOTE(review): the negated "|0d 0a|Accept-" content needs a CRLF before "Accept-", so it would
# presumably not exclude a request whose first header line is an Accept-* header - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MultiPlug?.J Checkin"; flow:established,to_server; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"|0d 0a|Accept-"; http_header; pcre:"/^\/(?:[A-Za-z]+\/)?\?q=(?=[a-z0-9+/ ]*[A-Z])(?=[A-Z0-9+/ ]*[a-z])(?=[A-Za-z0-9+/ ]*\d)[A-Za-z0-9+/ ]+$/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:6;)

Added 2015-05-20 17:52:44 UTC


# sid 2020422, rev 5 (enabled). Same options as rev 4 on this page without urilen:>300, so the
# rule has no length floor. The pcre requires a /letters/ path segment, "?q=", then one or more
# base64-alphabet characters or spaces to the end of the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MultiPlug?.J Checkin"; flow:established,to_server; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"|0d 0a|Accept-"; http_header; pcre:"/^\/[A-Za-z]+\/\?q=[A-Za-z0-9+/ ]+$/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:5;)

Added 2015-04-13 22:01:12 UTC


# sid 2020422, rev 4 (enabled). It replaces the "/sync" path match of rev 3 with a generic
# /letters/?q=<base64-alphabet or space>+ URI pattern. It requires URI length > 300, no
# "Referer: " header, and no "Accept-" header after a CRLF.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MultiPlug?.J Checkin"; flow:established,to_server; urilen:>300; content:"/?q="; http_uri; fast_pattern:only; content:!"Referer|3a 20|"; http_header; content:!"|0d 0a|Accept-"; http_header; pcre:"/^\/[A-Za-z]+\/\?q=[A-Za-z0-9+/ ]+$/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:4;)

Added 2015-03-24 19:03:05 UTC


# sid 2020422, rev 3 as listed on 2015-03-09 (enabled). The rule text equals the 2015-02-13
# entry on this page except that the msg prefix is "ET TROJAN".
# Matches a GET whose normalized URI starts with /sync, followed by any non-slash characters and "/?q=".
# The request must have no "Referer:" header; this negation has no trailing space, unlike later revisions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MultiPlug?.J Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/sync"; http_uri; fast_pattern:only; content:"/?q="; offset:5; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/sync[^\x2f]*\/\?q=/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:3;)

Added 2015-03-09 21:22:32 UTC


# sid 2020422, rev 3, the oldest entry on this page (enabled). Revisions 1 and 2 are not listed.
# Path-specific signature: GET method, "/sync" in the URI as the fast pattern, "/?q=" at offset 5
# or later, no "Referer:" header, and a /U pcre that anchors the URI to /sync<non-slash>*/?q=.
# The two md5 references are the same in every revision on this page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MultiPlug?.J Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/sync"; http_uri; fast_pattern:only; content:"/?q="; offset:5; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/sync[^\x2f]*\/\?q=/U"; reference:md5,64482895a11d120a9f17ded96aa43cd3; reference:md5,a108ae58850e8f48428070d3193e5c11; classtype:trojan-activity; sid:2020422; rev:3;)

Added 2015-02-13 16:21:48 UTC

