#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:7; metadata:created_at 2015_10_06, former_category TROJAN, updated_at 2017_03_21;) Added 2022-05-19 19:06:39 UTC
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6; metadata:created_at 2015_10_06, former_category TROJAN, updated_at 2017_03_21;) Added 2020-08-05 19:11:43 UTC
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; metadata: former_category TROJAN; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6; metadata:created_at 2015_10_06, updated_at 2017_03_21;) Added 2018-09-13 19:51:47 UTC
Added 2018-09-13 18:00:26 UTC
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; metadata: former_category TROJAN; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6; metadata:created_at 2015_10_06, updated_at 2017_03_21;) Added 2017-08-07 21:16:41 UTC
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6;) Added 2017-05-05 16:58:54 UTC
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; metadata: former_category TROJAN; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6;) Added 2017-03-21 17:46:22 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6;) Added 2017-01-13 17:22:02 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:5;) Added 2016-11-01 18:45:10 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:5;) Added 2016-11-01 18:39:19 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:4;) Added 2016-11-01 11:21:36 UTC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:2;) Added 2015-10-06 17:22:51 UTC
Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r1 - 2022-05-19 - TWikiGuest
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats