alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016"; flow:established,to_server; content:"HEAD"; http_method; content:"Microsoft BITS/7.5"; http_user_agent; fast_pattern; depth:18; isdataat:!1,relative; content:".exe"; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^Host\x3a\x20[^\r\n]+(?:xyz|pw)\r?$/Hmi"; reference:md5,d599a63fac0640c21272099f39020fac; classtype:trojan-activity; sid:2022686; rev:5; metadata:created_at 2016_03_30, updated_at 2019_10_23;)

Added 2019-10-23 19:39:27 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016"; flow:established,to_server; content:"HEAD"; http_method; content:"User-Agent|3a 20|Microsoft BITS/7.5|0d 0a|"; http_header; fast_pattern:12,20; content:".exe"; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^Host\x3a\x20[^\r\n]+(?:xyz|pw)\r?$/Hmi"; reference:md5,d599a63fac0640c21272099f39020fac; classtype:trojan-activity; sid:2022686; rev:4; metadata:created_at 2016_03_30, updated_at 2016_03_30;)

Added 2018-09-13 19:52:27 UTC


Added 2018-09-13 18:00:50 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016"; flow:established,to_server; content:"HEAD"; http_method; content:"User-Agent|3a 20|Microsoft BITS/7.5|0d 0a|"; http_header; fast_pattern:12,20; content:".exe"; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^Host\x3a\x20[^\r\n]+(?:xyz|pw)\r?$/Hmi"; reference:md5,d599a63fac0640c21272099f39020fac; classtype:trojan-activity; sid:2022686; rev:4; metadata:created_at 2016_03_30, updated_at 2016_03_30;)

Added 2017-08-07 21:17:38 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016"; flow:established,to_server; content:"HEAD"; http_method; content:"User-Agent|3a 20|Microsoft BITS/7.5|0d 0a|"; http_header; fast_pattern:12,20; content:".exe"; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^Host\x3a\x20[^\r\n]+(?:xyz|pw)\r?$/Hmi"; reference:md5,d599a63fac0640c21272099f39020fac; classtype:trojan-activity; sid:2022686; rev:4;)

Added 2016-03-31 17:31:59 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016"; flow:established,to_server; content:"HEAD"; http_method; content:"User-Agent|3a 20|Microsoft BITS/7.5|0d 0a|"; http_header; fast_pattern:12,20; content:".exe"; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^Host\x3a\x20[^\r\n]+\.xyz\r?$/Hmi"; reference:md5,d599a63fac0640c21272099f39020fac; classtype:trojan-activity; sid:2022686; rev:3;)

Added 2016-03-30 20:28:25 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016"; flow:established,to_server; content:"HEAD"; http_method; content:"User-Agent|3a 20|Microsoft BITS/7.5|0d 0a|"; http_header; fast_pattern:12,20; content:".exe"; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^Host\x3a\x20[^\r\n]+\.xyz\r?$/Hmi"; reference:md5,d599a63fac0640c21272099f39020fac; classtype:trojan-activity; sid:2022686; rev:3;)

Added 2016-03-30 20:14:36 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016"; flow:established,to_server; content:"HEAD"; http_method; content:"User-Agent|3a 20|Microsoft BITS/7.5|0d 0a|"; http_header; fast_pattern:12,20; content:".exe"; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^Host\x3a\x20[^\r\n]+\.xyz\r?$/Hmi"; reference:md5,d599a63fac0640c21272099f39020fac; classtype:trojan-activity; sid:2022686; rev:3;)

Added 2016-03-30 18:23:30 UTC


Topic revision: r1 - 2019-10-23 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats