# sid 2020750, rev 4 (metadata updated_at 2020_05_19): outbound HTTP request pattern attributed to
# Win32.Chroject.B. The "?" in msg marks the click-fraud label as tentative.
# Fires on an established client-to-server flow from $HOME_NET to $EXTERNAL_NET when all of these hold:
#   - the method is GET (content:"GET"; http_method)
#   - the URI starts with "/item/fmt?ct=" (13 bytes, enforced by depth:13; this is also the fast_pattern)
#   - the headers contain "Referer: http://" followed, on the same header line, by
#     <1-3 digits>.<1-3 digits>.<1-3 digits>.<1-3 digits>/<letters, "_" or "-">/<padded base64 to end of line>
#     (pcre flags: R = relative to the Referer match, H = header buffer, m = multiline, i = case-insensitive)
# Review notes:
#   - \d{1,3} accepts any 1-3 digit group, so the address part is a shape check, not an IPv4 validity check.
#   - "alert http" inspects cleartext HTTP only; the same request inside TLS is not seen unless decrypted upstream.
#   - http_method / http_uri / http_header are the legacy content-modifier forms; Suricata 5 and later also
#     provide the sticky buffers http.method, http.uri and http.header.
#   - Compared with the older rev:4 copies on this page only the metadata keyword differs, so detection
#     behaviour is unchanged.
#   - Triage: confirm the Referer host is a raw IP and decode the trailing base64 segment; the md5 reference
#     is presumably the sample the signature was written against (confirm against the feed's own notes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Chroject.B ClickFraud? Request"; flow:to_server,established; content:"GET"; http_method; content:"/item/fmt?ct="; depth:13; http_uri; fast_pattern; content:"Referer|3a 20|http|3a|//"; http_header; pcre:"/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/[a-z_-]+\/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})\r?$/RHmi"; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020750; rev:4; metadata:created_at 2015_03_25, updated_at 2020_05_19;)

Added 2020-05-19 18:33:33 UTC


# sid 2020750, rev 4, metadata created_at/updated_at both 2015_03_25.
# Same detection keywords as the newest copy on this page; only the updated_at value differs.
# Matches an outbound GET whose URI starts with "/item/fmt?ct=" and whose Referer header is
# http://<dotted-quad-shaped host>/<letters, "_" or "-">/<padded base64>, checked by the pcre relative to
# the "Referer: http://" content match in the header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Chroject.B ClickFraud? Request"; flow:to_server,established; content:"GET"; http_method; content:"/item/fmt?ct="; depth:13; http_uri; fast_pattern; content:"Referer|3a 20|http|3a|//"; http_header; pcre:"/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/[a-z_-]+\/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})\r?$/RHmi"; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020750; rev:4; metadata:created_at 2015_03_25, updated_at 2015_03_25;)

Added 2018-09-13 19:50:51 UTC


Added 2018-09-13 17:59:52 UTC


# sid 2020750, rev 4, first copy on this page (oldest "Added" date) that carries a metadata keyword
# (created_at and updated_at both 2015_03_25). The detection keywords are unchanged from the
# metadata-free rev:4 entry: outbound GET, URI starting with "/item/fmt?ct=", and a Referer of the form
# http://<dotted-quad-shaped host>/<letters, "_" or "-">/<padded base64>.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Chroject.B ClickFraud? Request"; flow:to_server,established; content:"GET"; http_method; content:"/item/fmt?ct="; depth:13; http_uri; fast_pattern; content:"Referer|3a 20|http|3a|//"; http_header; pcre:"/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/[a-z_-]+\/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})\r?$/RHmi"; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020750; rev:4; metadata:created_at 2015_03_25, updated_at 2015_03_25;)

Added 2017-08-07 21:15:18 UTC


# sid 2020750, rev 4, without a metadata keyword.
# Differs from the rev:2 entry on this page only in the md5 reference (586ad136... instead of
# 6c8c988a...) and the rev number; the match logic is the same: outbound GET, URI starting with
# "/item/fmt?ct=", Referer http://<dotted-quad-shaped host>/<letters, "_" or "-">/<padded base64>.
# rev 3 does not appear on this page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Chroject.B ClickFraud? Request"; flow:to_server,established; content:"GET"; http_method; content:"/item/fmt?ct="; depth:13; http_uri; fast_pattern; content:"Referer|3a 20|http|3a|//"; http_header; pcre:"/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/[a-z_-]+\/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})\r?$/RHmi"; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020750; rev:4;)

Added 2015-03-27 19:40:05 UTC


# sid 2020750, rev 2: earliest revision recorded on this page.
# Matches an outbound GET whose URI starts with "/item/fmt?ct=" (depth:13, fast_pattern) and whose
# Referer header is http://<dotted-quad-shaped host>/<letters, "_" or "-">/<padded base64 to end of line>.
# The md5 reference here (6c8c988a...) is a different hash from the one cited by the rev:4 entries;
# when pivoting on samples, treat both hashes as associated with this signature.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Chroject.B ClickFraud? Request"; flow:to_server,established; content:"GET"; http_method; content:"/item/fmt?ct="; depth:13; http_uri; fast_pattern; content:"Referer|3a 20|http|3a|//"; http_header; pcre:"/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/[a-z_-]+\/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})\r?$/RHmi"; reference:md5,6c8c988a8129ff31ad0e764e59b31200; classtype:trojan-activity; sid:2020750; rev:2;)

Added 2015-03-25 20:08:30 UTC

