alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Chinad Retrieving Config"; flow:to_server,established; content:"GET"; http_method; urilen:22; content:"/css/bootstrap.min.css"; http_uri; fast_pattern; pcre:"/^Host\x3a\x20(?:\d{1,3}\.){3}\d{1,3}\r\nCache-Control\x3a\x20no-cache\r\n(?:\r\n)?$/Hi"; reference:url,blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-chinese-users-part-2; reference:md5,5a454c795eccf94bf6213fcc4ee65e6d; classtype:trojan-activity; sid:2021261; rev:3; metadata:created_at 2015_06_12, updated_at 2019_10_07;)

Added 2019-10-08 19:34:28 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Chinad Retrieving Config"; flow:to_server,established; content:"GET"; http_method; urilen:22; content:"/css/bootstrap.min.css"; http_uri; fast_pattern:only; pcre:"/^Host\x3a\x20(?:\d{1,3}\.){3}\d{1,3}\r\nCache-Control\x3a\x20no-cache\r\n(?:\r\n)?$/Hi"; reference:url,blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-chinese-users-part-2; reference:md5,5a454c795eccf94bf6213fcc4ee65e6d; classtype:trojan-activity; sid:2021261; rev:2; metadata:created_at 2015_06_12, updated_at 2015_06_12;)

Added 2018-09-13 19:51:20 UTC


Added 2018-09-13 18:00:09 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Chinad Retrieving Config"; flow:to_server,established; content:"GET"; http_method; urilen:22; content:"/css/bootstrap.min.css"; http_uri; fast_pattern:only; pcre:"/^Host\x3a\x20(?:\d{1,3}\.){3}\d{1,3}\r\nCache-Control\x3a\x20no-cache\r\n(?:\r\n)?$/Hi"; reference:url,blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-chinese-users-part-2; reference:md5,5a454c795eccf94bf6213fcc4ee65e6d; classtype:trojan-activity; sid:2021261; rev:2; metadata:created_at 2015_06_12, updated_at 2015_06_12;)

Added 2017-08-07 21:15:56 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Chinad Retrieving Config"; flow:to_server,established; content:"GET"; http_method; urilen:22; content:"/css/bootstrap.min.css"; http_uri; fast_pattern:only; pcre:"/^Host\x3a\x20(?:\d{1,3}\.){3}\d{1,3}\r\nCache-Control\x3a\x20no-cache\r\n(?:\r\n)?$/Hi"; reference:url,blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-chinese-users-part-2; reference:md5,5a454c795eccf94bf6213fcc4ee65e6d; classtype:trojan-activity; sid:2021261; rev:2;)

Added 2015-06-12 18:47:11 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats