# sid 2021918 rev 7, shipped disabled: the leading "#" comments the rule out and the msg
# reads "ET DELETED" (metadata: former_category TROJAN), so loading this line raises no alert.
# The page does not say why the rule was retired.
# Logic if re-enabled: outbound GET whose URI is exactly "/index.php" (urilen:10 is that
# string's length, so no query string), with no User-Agent, Referer or "Accept" text in the
# headers (the bare "Accept" also covers Accept-Encoding/Accept-Language), and a header
# buffer that is only "Host: ..." followed by "Connection: Keep-Alive" (depth:5 pins Host
# first; the /H pcre requires nothing after the Connection line).
# The "?" in the msg suggests the DustySky attribution was tentative; the only sample
# reference given is the md5 in the reference keyword.
# NOTE(review): content:!"Cookie|3a|" has no http_header modifier, unlike the other
# negations, so it is not evaluated on the header buffer; presumably deliberate, confirm
# on the target engine before re-enabling.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:7; metadata:created_at 2015_10_06, former_category TROJAN, updated_at 2017_03_21;)

Added 2022-05-19 19:06:39 UTC


# Disabled snapshot of sid 2021918 (rev 6, msg "ET DELETED"): the leading "#" means it does not alert.
# All metadata is in a single keyword here (created_at, former_category, updated_at).
# Logic if re-enabled: outbound GET for exactly "/index.php" (urilen:10) whose header buffer
# holds only "Host: ..." then "Connection: Keep-Alive"; header lines ending in uvnc.com are excluded.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6; metadata:created_at 2015_10_06, former_category TROJAN, updated_at 2017_03_21;)

Added 2020-08-05 19:11:43 UTC


# Disabled snapshot of sid 2021918 (rev 6, msg "ET DELETED"): commented out, so it does not alert.
# This copy has two metadata keywords: former_category before the reference, and
# created_at/updated_at at the end.
# NOTE(review): tooling that reads one metadata field per rule may keep only one of them; verify.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; metadata: former_category TROJAN; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6; metadata:created_at 2015_10_06, updated_at 2017_03_21;)

Added 2018-09-13 19:51:47 UTC


Added 2018-09-13 18:00:26 UTC


# Disabled snapshot of sid 2021918 (rev 6, msg "ET DELETED"): commented out, so it does not alert.
# The metadata keyword appears twice (former_category, then created_at/updated_at); the
# updated_at value 2017_03_21 is the only date the rule itself records for its last change.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; metadata: former_category TROJAN; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6; metadata:created_at 2015_10_06, updated_at 2017_03_21;)

Added 2017-08-07 21:16:41 UTC


# Disabled snapshot of sid 2021918 (rev 6, msg "ET DELETED"): commented out, so it does not alert.
# This copy has no metadata keyword; the only category hint left in the rule is
# classtype:trojan-activity.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6;)

Added 2017-05-05 16:58:54 UTC


# Earliest disabled copy on this page: the rule is commented out and the msg reads "ET DELETED",
# with former_category TROJAN recorded in metadata.
# rev is still 6, the same value an active copy of this sid carries elsewhere on the page, so
# sid:rev alone does not tell an enabled rule from a retired one; check the leading "#" and the msg.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; metadata: former_category TROJAN; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:6;)

Added 2017-03-21 17:46:22 UTC


# sid 2021918 rev 6, the most recent active copy on this page (no leading "#", msg "ET TROJAN").
# Fires on an outbound GET for exactly "/index.php" (urilen:10) whose header buffer is only
# "Host: ..." then "Connection: Keep-Alive"; header lines ending in uvnc.com are excluded.
# NOTE(review): content:!"Cookie|3a|" carries no http_header modifier, unlike the other
# negations, so it is not evaluated on the header buffer; presumably deliberate, confirm
# on the target engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; content:!"Cookie|3a|"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:5 + 1;)

Added 2017-01-13 17:22:02 UTC


# Active copy of sid 2021918, rev 5. The uvnc.com exclusion is written "uvnc.com|0d 0a|" with
# nocase, so it only applies when that text sits at the end of a header line.
# There is no Cookie check in this copy.
# The signature keys on missing headers, not on malware-specific content: tune or scope it
# before relying on it, since any client sending this minimal request would match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:5;)

Added 2016-11-01 18:45:10 UTC


# Active copy of sid 2021918, rev 5. The uvnc.com exclusion ends in |0d 0a|, so it is tied to
# the end of a header line rather than matching the substring anywhere in the headers.
# content:"Connection|3a 20|Keep-Alive" uses distance:0, i.e. it must follow the "Host:" match,
# and the /H pcre then requires those two lines to be the whole header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com|0d 0a|"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:5;)

Added 2016-11-01 18:39:19 UTC


# Active copy of sid 2021918, rev 4. The exclusion is content:!"uvnc.com" with nocase and no
# trailing |0d 0a|, so it suppresses the alert whenever that substring appears anywhere in the
# header buffer, not only at the end of a header line.
# NOTE(review): presumably added to silence a benign client contacting uvnc.com; the page
# does not state the reason.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:!"uvnc.com"; http_header; nocase; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:4;)

Added 2016-11-01 11:21:36 UTC


# Oldest copy of sid 2021918 on this page (rev 2), active. It has no uvnc.com or Cookie
# exclusion: any outbound GET for exactly "/index.php" (urilen:10) whose header buffer is
# only "Host: ..." then "Connection: Keep-Alive" matches.
# fast_pattern:only is set on the "/index.php" URI content, so that string is the prefilter;
# the header negations and the /H pcre do the narrowing.
# NOTE(review): with no exclusions this is presumably the noisiest form; validate against
# local traffic before use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DustySky? Checkin"; flow:established,to_server; urilen:10; content:"GET"; http_method; content:"/index.php"; http_uri; fast_pattern:only; content:!"User-Agent|3a|"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"Host|3a|"; depth:5; http_header; content:"Connection|3a 20|Keep-Alive"; distance:0; http_header; pcre:"/^Host\x3a[^\r\n]+\r\nConnection\x3a\x20Keep-Alive\r\n(?:\r\n)?$/H"; reference:md5,07fd870e4ea8dd6b9503a956b5bb47f3; classtype:trojan-activity; sid:2021918; rev:2;)

Added 2015-10-06 17:22:51 UTC

