# sid 2020700 rev 2. Matches an HTTP response body (file_data on an
# established, from_server flow) containing the literal "INCLUDEPICTURE "
# followed, via the pcre R (relative) modifier, by optional whitespace and a
# quoted string ending in .php?id=<digits>; \x22 and \x27 are " and '.
# The alert therefore fires on the document as it is delivered to a $HOME_NET
# client, not on a later request to the .php URL.
# flowbits:isset,ETPRO.RTF is a hard prerequisite: the rule that sets that
# flowbit is not shown on this page, and without it loaded this signature
# cannot fire.
# The content match has no nocase, so only the upper-case keyword matches.
# metadata here carries former_category EXPLOIT_KIT while msg uses the TROJAN
# prefix; keep that in mind when filtering alerts by category.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN MWI Maldoc Exploit Kit Stats Callout"; flow:established,from_server; flowbits:isset,ETPRO.RTF; file_data; content:"INCLUDEPICTURE "; pcre:"/^\s*?[\x22\x27][^\x22\x27]+\.php\?id=\d+[\x22\x27]/Rs"; classtype:trojan-activity; sid:2020700; rev:2; metadata:created_at 2015_03_16, former_category EXPLOIT_KIT, updated_at 2015_03_16;)

Added 2020-08-05 19:11:00 UTC


# Stored copy of sid 2020700 rev 2. Detection options: HTTP response body
# (file_data, from_server) with "INCLUDEPICTURE " followed by a quoted string
# ending in .php?id=<digits>, gated on flowbits:isset,ETPRO.RTF (set by a rule
# not shown on this page).
# In this copy metadata is split across two keywords: former_category sits
# before classtype, created_at/updated_at after rev. Tooling that reads only
# one metadata keyword per rule may miss one of them.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN MWI Maldoc Exploit Kit Stats Callout"; flow:established,from_server; flowbits:isset,ETPRO.RTF; file_data; content:"INCLUDEPICTURE "; pcre:"/^\s*?[\x22\x27][^\x22\x27]+\.php\?id=\d+[\x22\x27]/Rs"; metadata: former_category EXPLOIT_KIT; classtype:trojan-activity; sid:2020700; rev:2; metadata:created_at 2015_03_16, updated_at 2015_03_16;)

Added 2019-09-26 19:57:57 UTC


# Stored copy of sid 2020700 rev 2. Detection options: HTTP response body
# (file_data, from_server) with "INCLUDEPICTURE " followed by a quoted string
# ending in .php?id=<digits>, gated on flowbits:isset,ETPRO.RTF (set by a rule
# not shown on this page).
# metadata in this copy holds only created_at and updated_at; there is no
# former_category tag.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN MWI Maldoc Exploit Kit Stats Callout"; flow:established,from_server; flowbits:isset,ETPRO.RTF; file_data; content:"INCLUDEPICTURE "; pcre:"/^\s*?[\x22\x27][^\x22\x27]+\.php\?id=\d+[\x22\x27]/Rs"; classtype:trojan-activity; sid:2020700; rev:2; metadata:created_at 2015_03_16, updated_at 2015_03_16;)

Added 2018-09-13 19:50:47 UTC


Added 2018-09-13 17:59:50 UTC


# Stored copy of sid 2020700 rev 2. Detection options: HTTP response body
# (file_data, from_server) with "INCLUDEPICTURE " followed by a quoted string
# ending in .php?id=<digits>, gated on flowbits:isset,ETPRO.RTF (set by a rule
# not shown on this page).
# metadata in this copy holds only created_at and updated_at.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN MWI Maldoc Exploit Kit Stats Callout"; flow:established,from_server; flowbits:isset,ETPRO.RTF; file_data; content:"INCLUDEPICTURE "; pcre:"/^\s*?[\x22\x27][^\x22\x27]+\.php\?id=\d+[\x22\x27]/Rs"; classtype:trojan-activity; sid:2020700; rev:2; metadata:created_at 2015_03_16, updated_at 2015_03_16;)

Added 2017-08-07 21:15:15 UTC


# Stored copy of sid 2020700 rev 2 with no metadata keyword. Detection options:
# HTTP response body (file_data, from_server) with "INCLUDEPICTURE " followed
# by a quoted string ending in .php?id=<digits>, gated on
# flowbits:isset,ETPRO.RTF (set by a rule not shown on this page).
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN MWI Maldoc Exploit Kit Stats Callout"; flow:established,from_server; flowbits:isset,ETPRO.RTF; file_data; content:"INCLUDEPICTURE "; pcre:"/^\s*?[\x22\x27][^\x22\x27]+\.php\?id=\d+[\x22\x27]/Rs"; classtype:trojan-activity; sid:2020700; rev:2;)

Added 2015-03-18 19:11:18 UTC


# Earliest stored copy of sid 2020700 on this page (rev 2, no metadata
# keyword). Detection options: HTTP response body (file_data, from_server)
# with "INCLUDEPICTURE " followed by a quoted string ending in
# .php?id=<digits>, gated on flowbits:isset,ETPRO.RTF (set by a rule not shown
# on this page).
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN MWI Maldoc Exploit Kit Stats Callout"; flow:established,from_server; flowbits:isset,ETPRO.RTF; file_data; content:"INCLUDEPICTURE "; pcre:"/^\s*?[\x22\x27][^\x22\x27]+\.php\?id=\d+[\x22\x27]/Rs"; classtype:trojan-activity; sid:2020700; rev:2;)

Added 2015-03-16 19:34:53 UTC


Topic revision: r1 - 2020-08-05 - TWikiGuest
 