alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Chroject.B Receiving ClickFraud? Commands from CnC? 2"; flow:from_server,established; file_data; content:""; within:13; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})<\/title><\/html>$/R"; content:""; fast_pattern; flowbits:isset,ET.Chroject; metadata: former_category MALWARE; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020749; rev:5; metadata:created_at 2015_03_25, updated_at 2019_10_07;)

Added 2019-10-08 19:34:22 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Chroject.B Receiving ClickFraud? Commands from CnC? 2"; flow:from_server,established; file_data; content:""; within:13; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})<\/title><\/html>$/R"; content:""; fast_pattern:only; flowbits:isset,ET.Chroject; metadata: former_category MALWARE; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020749; rev:4; metadata:created_at 2015_03_25, updated_at 2015_03_25;)

Added 2019-09-19 19:26:15 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Chroject.B Receiving ClickFraud? Commands from CnC? 2"; flow:from_server,established; file_data; content:""; within:13; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})<\/title><\/html>$/R"; content:""; fast_pattern:only; flowbits:isset,ET.Chroject; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020749; rev:4; metadata:created_at 2015_03_25, updated_at 2015_03_25;)

Added 2018-09-13 19:50:51 UTC


Added 2018-09-13 17:59:52 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Chroject.B Receiving ClickFraud? Commands from CnC? 2"; flow:from_server,established; file_data; content:""; within:13; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})<\/title><\/html>$/R"; content:""; fast_pattern:only; flowbits:isset,ET.Chroject; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020749; rev:4; metadata:created_at 2015_03_25, updated_at 2015_03_25;)

Added 2017-08-07 21:15:18 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Chroject.B Receiving ClickFraud? Commands from CnC? 2"; flow:from_server,established; file_data; content:""; within:13; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})<\/title><\/html>$/R"; content:""; fast_pattern:only; flowbits:isset,ET.Chroject; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020749; rev:4;)

Added 2015-03-27 19:40:05 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Chroject.B Receiving ClickFraud? Commands from CnC? 2"; flow:from_server,established; file_data; content:""; within:13; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})<\/title><\/html>$/R"; content:""; fast_pattern:only; flowbits:isset,ET.Chroject; reference:md5,6c8c988a8129ff31ad0e764e59b31200; classtype:trojan-activity; sid:2020749; rev:3;)

Added 2015-03-25 20:08:30 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats