alert dns $HOME_NET any -> any any (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; dns_query; content:".grp"; nocase; offset:8; depth:4; content:".ping.adm"; fast_pattern; within:15; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:3; metadata:created_at 2016_02_23, former_category MALWARE, updated_at 2020_09_01;)

Added 2021-09-21 20:00:33 UTC


alert dns $HOME_NET any -> any any (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; dns_query; content:".grp"; nocase; offset:8; depth:4; content:".ping.adm"; fast_pattern; within:15; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:3; metadata:created_at 2016_02_22, former_category MALWARE, updated_at 2020_09_01;)

Added 2020-09-01 18:11:25 UTC


alert dns $HOME_NET any -> any any (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; dns_query; content:".grp"; nocase; offset:8; depth:4; content:".ping.adm"; fast_pattern; within:15; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:3; metadata:created_at 2016_02_22, former_category MALWARE, updated_at 2019_08_30;)

Added 2020-08-05 19:12:04 UTC


alert dns $HOME_NET any -> any any (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; dns_query; content:".grp"; nocase; offset:8; depth:4; content:".ping.adm"; fast_pattern; within:15; metadata: former_category MALWARE; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:3; metadata:created_at 2016_02_22, updated_at 2019_08_30;)

Added 2019-09-19 19:26:36 UTC


alert dns $HOME_NET any -> any any (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; dns_query; content:".grp"; nocase; offset:8; depth:4; content:".ping.adm"; fast_pattern; within:15; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:3; metadata:created_at 2016_02_22, updated_at 2019_08_30;)

Added 2019-08-30 19:36:46 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|04 70 69 6e 67 03 61 64 6d|"; fast_pattern; distance:15; content:"|05|grp"; nocase; offset:12; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:2; metadata:created_at 2016_02_22, updated_at 2019_08_29;)

Added 2019-08-29 17:59:49 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|04 70 69 6e 67 03 61 64 6d|"; fast_pattern; distance:15; content:"|05|grp"; nocase; offset:12; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:2; metadata:created_at 2016_02_22, updated_at 2019_08_28;)

Added 2019-08-28 19:01:33 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04 70 69 6e 67 03 61 64 6d|"; fast_pattern; distance:15; content:"|05|grp"; nocase; offset:12; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:1; metadata:created_at 2016_02_22, updated_at 2016_02_22;)

Added 2018-09-13 19:52:20 UTC


Added 2018-09-13 18:00:46 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04 70 69 6e 67 03 61 64 6d|"; fast_pattern; distance:15; content:"|05|grp"; nocase; offset:12; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:1; metadata:created_at 2016_02_22, updated_at 2016_02_22;)

Added 2017-08-07 21:17:29 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN FrameworkPOS? Covert DNS CnC? Initial Check In"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04 70 69 6e 67 03 61 64 6d|"; fast_pattern; distance:15; content:"|05|grp"; nocase; offset:12; reference:url,threatstream.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-point-of-sale-systems; reference:md5,591e820591e10500fe939d6bd50e6776; classtype:trojan-activity; sid:2022559; rev:1;)

Added 2016-02-22 17:37:30 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats