alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Likely Arid Viper APT Advtravel Campaign POST"; flow:to_server,established; content:"POST"; http_method; content:"/index.php/customer/do_it"; http_uri; content:"Internet"; http_user_agent; depth:8; isdataat:!1,relative; content:!"Referer|3a 20|"; http_header; content:"pn="; http_client_body; content:"&data="; http_client_body; metadata: former_category MALWARE; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:attempted-admin; sid:2020433; rev:5; metadata:created_at 2015_02_16, updated_at 2019_10_16;)

Added 2019-10-16 18:59:37 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Likely Arid Viper APT Advtravel Campaign POST"; flow:to_server,established; content:"POST"; http_method; content:"/index.php/customer/do_it"; http_uri; content:"User-Agent|3a 20|Internet|0d 0a|"; http_header; content:!"Referer|3a 20|"; http_header; content:"pn="; http_client_body; content:"&data="; http_client_body; metadata: former_category MALWARE; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:attempted-admin; sid:2020433; rev:4; metadata:created_at 2015_02_16, updated_at 2015_02_16;)

Added 2019-09-26 19:57:55 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Likely Arid Viper APT Advtravel Campaign POST"; flow:to_server,established; content:"POST"; http_method; content:"/index.php/customer/do_it"; http_uri; content:"User-Agent|3a 20|Internet|0d 0a|"; http_header; content:!"Referer|3a 20|"; http_header; content:"pn="; http_client_body; content:"&data="; http_client_body; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:attempted-admin; sid:2020433; rev:4; metadata:created_at 2015_02_16, updated_at 2015_02_16;)

Added 2018-09-13 19:50:36 UTC


Added 2018-09-13 17:59:43 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Likely Arid Viper APT Advtravel Campaign POST"; flow:to_server,established; content:"POST"; http_method; content:"/index.php/customer/do_it"; http_uri; content:"User-Agent|3a 20|Internet|0d 0a|"; http_header; content:!"Referer|3a 20|"; http_header; content:"pn="; http_client_body; content:"&data="; http_client_body; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:attempted-admin; sid:2020433; rev:4; metadata:created_at 2015_02_16, updated_at 2015_02_16;)

Added 2017-08-07 21:14:55 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Likely Arid Viper APT Advtravel Campaign POST"; flow:to_server,established; content:"POST"; http_method; content:"/index.php/customer/do_it"; http_uri; content:"User-Agent|3a 20|Internet|0d 0a|"; http_header; content:!"Referer|3a 20|"; http_header; content:"pn="; http_client_body; content:"&data="; http_client_body; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:attempted-admin; sid:2020433; rev:4;)

Added 2015-02-19 18:36:04 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Likely Arid Viper APT Advtravel Campaign POST"; flow:to_server,established; content:"POST"; http_method; content:"/index.php/customer/do_it"; http_uri; content:"User-Agent|3a 20|Internet|0d 0a|"; http_header; content:!"Referer|3a 20|"; http_header; content:"pn="; http_client_body; content:"&data="; http_client_body; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:attempted-admin; sid:2020433; rev:3;)

Added 2015-02-18 14:31:45 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Likely Arid Viper APT Advtravel Campaign POST"; flow:to_server,established; content:"POST"; http_method; content:"/index.php/customer/do_it"; http_uri; content:"User-Agent|3a 20|Internet|0d 0a|"; http_header; content:!"Referer|3a 20|"; http_header; content:"pn="; http_client_body; content:"&data="; http_client_body; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:attempted-admin; sid:2020433; rev:3;)

Added 2015-02-16 20:24:44 UTC


Topic revision: r1 - 2019-10-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats