#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mokes CnC? Keep-Alive"; flow:established,to_server; urilen:3; content:"GET"; http_method; content:"/v1"; depth:3; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"User-Agent|3a|"; http_header; content:"Accept"; http_header; threshold: type both, count 9, seconds 60, track by_src; reference:url,securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/; classtype:trojan-activity; sid:2022477; rev:2; metadata:created_at 2016_02_01, former_category MALWARE, updated_at 2020_06_23;)

Added 2020-11-19 18:26:22 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mokes CnC? Keep-Alive"; flow:established,to_server; urilen:3; content:"GET"; http_method; content:"/v1"; depth:3; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"User-Agent|3a|"; http_header; content:"Accept"; http_header; threshold: type both, count 9, seconds 60, track by_src; reference:url,securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/; classtype:trojan-activity; sid:2022477; rev:2; metadata:created_at 2016_02_01, former_category MALWARE, updated_at 2020_06_23;)

Added 2020-08-05 19:12:01 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mokes CnC? Keep-Alive"; flow:established,to_server; urilen:3; content:"GET"; http_method; content:"/v1"; depth:3; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"User-Agent|3a|"; http_header; content:"Accept"; http_header; threshold: type both, count 9, seconds 60, track by_src; metadata: former_category MALWARE; reference:url,securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/; classtype:trojan-activity; sid:2022477; rev:2; metadata:created_at 2016_02_01, updated_at 2020_06_23;)

Added 2020-06-23 23:54:48 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mokes CnC? Keep-Alive"; flow:established,to_server; urilen:3; content:"GET"; http_method; content:"/v1"; depth:3; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"User-Agent|3a|"; http_header; content:"Accept"; http_header; threshold: type both, count 9, seconds 60, track by_src; metadata: former_category MALWARE; reference:url,securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/; classtype:trojan-activity; sid:2022477; rev:2; metadata:created_at 2016_02_01, updated_at 2016_02_01;)

Added 2019-09-19 19:26:35 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mokes CnC? Keep-Alive"; flow:established,to_server; urilen:3; content:"GET"; http_method; content:"/v1"; depth:3; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"User-Agent|3a|"; http_header; content:"Accept"; http_header; threshold: type both, count 9, seconds 60, track by_src; reference:url,securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/; classtype:trojan-activity; sid:2022477; rev:2; metadata:created_at 2016_02_01, updated_at 2016_02_01;)

Added 2018-09-13 19:52:16 UTC


Added 2018-09-13 18:00:44 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mokes CnC? Keep-Alive"; flow:established,to_server; urilen:3; content:"GET"; http_method; content:"/v1"; depth:3; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"User-Agent|3a|"; http_header; content:"Accept"; http_header; threshold: type both, count 9, seconds 60, track by_src; reference:url,securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/; classtype:trojan-activity; sid:2022477; rev:2; metadata:created_at 2016_02_01, updated_at 2016_02_01;)

Added 2017-08-07 21:17:22 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mokes CnC? Keep-Alive"; flow:established,to_server; urilen:3; content:"GET"; http_method; content:"/v1"; depth:3; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"User-Agent|3a|"; http_header; content:"Accept"; http_header; threshold: type both, count 9, seconds 60, track by_src; reference:url,securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/; classtype:trojan-activity; sid:2022477; rev:2;)

Added 2016-02-01 17:29:12 UTC


Topic revision: r1 - 2020-11-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats