# sid:2022723 rev:4 -- Adposhel adware check-in, written with sticky buffers.
# Alerts on an outbound request that satisfies all of the following:
#   - request line begins "POST /u/" (this is the fast_pattern, so it drives prefiltering);
#   - body is exactly a=<tok>&c=<tok>&h=<tok>&r=<15+ digits>: the /P pcre is anchored at both
#     ends, and the three content matches only pre-screen for "a=", "&c=" and "&r=";
#   - Connection value is exactly "close" (nocase, 5 bytes, nothing after);
#   - Content-Type value is exactly application/x-www-form-urlencoded (case-sensitive, nothing
#     after, so a value carrying a "; charset=" suffix does not match).
# Coverage caveat: content:!"Accept" is a case-sensitive substring test on the header-name list,
# so a request that carries Accept-Encoding or Accept-Language never alerts. Only the Referer
# negation has nocase.
# Triage: classtype is trojan-activity although former_category is ADWARE_PUP; the md5 reference
# is the only sample identifier the rule gives.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Adposhel.A Checkin 4"; flow:established,to_server; content:"a="; depth:2; http_client_body; content:"&c="; http_client_body; distance:0; content:"&r="; http_client_body; distance:0; pcre:"/^a=[a-zA-Z0-9_-]+&c=[a-zA-Z0-9_-]+&h=[a-zA-Z0-9_-]+&r=[0-9]{15,}$/P"; http_header_names; content:!"Accept"; content:!"Referer|0d 0a|"; nocase; http_connection; content:"Close"; nocase; depth:5; isdataat:!1,relative; http_request_line; content:"POST /u/"; depth:8; fast_pattern; http_content_type; content:"application/x-www-form-urlencoded"; depth:33; isdataat:!1,relative; reference:md5,3ea75d62966f8c52de16d7849eeb3691; classtype:trojan-activity; sid:2022723; rev:4; metadata:created_at 2016_04_11, former_category ADWARE_PUP, updated_at 2020_11_05;)

Added 2020-11-05 18:35:56 UTC


# sid:2022723 rev:4 -- sticky-buffer form; metadata here reads updated_at 2020_03_05.
# Match conditions, in evaluation terms rather than keyword order:
#   http_request_line  starts with "POST /u/" (fast_pattern)
#   http_client_body   starts "a=", later contains "&c=" then "&r=", and as a whole satisfies
#                      the anchored /P pcre (a, c, h as [a-zA-Z0-9_-]+, r as 15 or more digits)
#   http_connection    is "close" in any case, with no trailing bytes
#   http_content_type  is application/x-www-form-urlencoded, case-sensitive, no trailing bytes
#   http_header_names  contains neither "Accept" (case-sensitive) nor "Referer\r\n" (nocase)
# Coverage caveat: the "Accept" negation is a substring match, so any header name containing it
# (Accept-Encoding, Accept-Language) suppresses the alert.
# The "&h=" parameter is checked only by the pcre; no content match covers it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Adposhel.A Checkin 4"; flow:established,to_server; content:"a="; depth:2; http_client_body; content:"&c="; http_client_body; distance:0; content:"&r="; http_client_body; distance:0; pcre:"/^a=[a-zA-Z0-9_-]+&c=[a-zA-Z0-9_-]+&h=[a-zA-Z0-9_-]+&r=[0-9]{15,}$/P"; http_header_names; content:!"Accept"; content:!"Referer|0d 0a|"; nocase; http_connection; content:"Close"; nocase; depth:5; isdataat:!1,relative; http_request_line; content:"POST /u/"; depth:8; fast_pattern; http_content_type; content:"application/x-www-form-urlencoded"; depth:33; isdataat:!1,relative; reference:md5,3ea75d62966f8c52de16d7849eeb3691; classtype:trojan-activity; sid:2022723; rev:4; metadata:created_at 2016_04_11, former_category ADWARE_PUP, updated_at 2020_03_05;)

Added 2020-08-05 19:12:10 UTC


# sid:2022723 rev:4 -- sticky-buffer form. This text carries two metadata keywords: a separate
# "metadata: former_category ADWARE_PUP;" and the created_at/updated_at pair at the end.
# Detection: POST to a path under /u/ (request line, fast_pattern) with a form-encoded body of
# exactly a=..&c=..&h=..&r=<15+ digits>, Connection value "close", Content-Type exactly
# application/x-www-form-urlencoded, and no "Accept" or "Referer" entry in the header-name list.
# Both depth + isdataat:!1,relative pairs pin the whole buffer value: extra bytes after "close"
# or after the media type (for example a charset parameter) stop the rule from matching.
# Coverage caveat: content:!"Accept" has no nocase and matches as a substring, so a client that
# sends Accept-Encoding alone is enough to suppress the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Adposhel.A Checkin 4"; flow:established,to_server; content:"a="; depth:2; http_client_body; content:"&c="; http_client_body; distance:0; content:"&r="; http_client_body; distance:0; pcre:"/^a=[a-zA-Z0-9_-]+&c=[a-zA-Z0-9_-]+&h=[a-zA-Z0-9_-]+&r=[0-9]{15,}$/P"; http_header_names; content:!"Accept"; content:!"Referer|0d 0a|"; nocase; http_connection; content:"Close"; nocase; depth:5; isdataat:!1,relative; http_request_line; content:"POST /u/"; depth:8; fast_pattern; http_content_type; content:"application/x-www-form-urlencoded"; depth:33; isdataat:!1,relative; metadata: former_category ADWARE_PUP; reference:md5,3ea75d62966f8c52de16d7849eeb3691; classtype:trojan-activity; sid:2022723; rev:4; metadata:created_at 2016_04_11, updated_at 2020_03_05;)

Added 2020-03-05 19:36:42 UTC


# sid:2022723 rev:3 -- content-modifier form (http_method / http_uri / http_header after each
# content) with former_category ADWARE_PUP.
# Detection: method POST; URI starting "/u/" (fast_pattern); "Connection: Close\r\n" in the
# headers (nocase); no "Accept" and no "Referer:" anywhere in http_header; body starting "a=",
# then "&c=", then "&r=", and matching the anchored /P pcre as a whole.
# NOTE(review): the Content-Type content has no http_header modifier after it, so it is
# inspected in the raw stream payload rather than the header buffer. It is case-sensitive and
# needs exactly one space after the colon and CRLF straight after the media type.
# Coverage caveat: content:!"Accept" on http_header is a case-sensitive substring test over
# header names and values, so Accept-Encoding or Accept-Language suppresses the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Adposhel.A Checkin 4"; flow:established,to_server; content:"POST"; http_method; content:"/u/"; depth:3; http_uri; fast_pattern; content:"Connection|3a| Close|0d 0a|"; nocase; http_header; content:"Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|"; content:!"Accept"; http_header; content:!"Referer|3a|"; nocase; http_header; content:"a="; depth:2; http_client_body; content:"&c="; http_client_body; distance:0; content:"&r="; http_client_body; distance:0; pcre:"/^a=[a-zA-Z0-9_-]+&c=[a-zA-Z0-9_-]+&h=[a-zA-Z0-9_-]+&r=[0-9]{15,}$/P"; metadata: former_category ADWARE_PUP; reference:md5,3ea75d62966f8c52de16d7849eeb3691; classtype:trojan-activity; sid:2022723; rev:3; metadata:created_at 2016_04_11, updated_at 2016_04_11;)

Added 2019-09-26 19:58:08 UTC


# sid:2022723 rev:3 -- content-modifier form; this text records former_category MALWARE.
# What has to be present: POST method, URI beginning "/u/" (3-byte fast_pattern), a
# "Connection: Close" header line (nocase), the form-urlencoded Content-Type line, and a body of
# exactly a=<tok>&c=<tok>&h=<tok>&r=<15+ digits> (the pcre anchors both ends; tokens are
# [a-zA-Z0-9_-]+).
# What has to be absent from http_header: the string "Accept" (case-sensitive) and "Referer:"
# (nocase). Both are substring tests, so Accept-* headers also suppress the alert.
# NOTE(review): content:"Content-Type|3a 20|..." is not followed by http_header, unlike its
# neighbours, so it is evaluated against the raw payload; confirm that is intended when porting.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Adposhel.A Checkin 4"; flow:established,to_server; content:"POST"; http_method; content:"/u/"; depth:3; http_uri; fast_pattern; content:"Connection|3a| Close|0d 0a|"; nocase; http_header; content:"Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|"; content:!"Accept"; http_header; content:!"Referer|3a|"; nocase; http_header; content:"a="; depth:2; http_client_body; content:"&c="; http_client_body; distance:0; content:"&r="; http_client_body; distance:0; pcre:"/^a=[a-zA-Z0-9_-]+&c=[a-zA-Z0-9_-]+&h=[a-zA-Z0-9_-]+&r=[0-9]{15,}$/P"; metadata: former_category MALWARE; reference:md5,3ea75d62966f8c52de16d7849eeb3691; classtype:trojan-activity; sid:2022723; rev:3; metadata:created_at 2016_04_11, updated_at 2016_04_11;)

Added 2019-08-15 20:33:35 UTC


# sid:2022723 rev:2 -- content-modifier form with created_at/updated_at metadata and no
# former_category tag.
# Alerts on an established client-to-server HTTP POST whose URI starts "/u/", whose headers
# include "Connection: Close" (nocase) and lack both "Accept" and "Referer:", and whose body is
# a=..&c=..&h=..&r=<15+ digits> with nothing before or after (anchored /P pcre).
# The fast_pattern is the 3-byte "/u/", so the prefilter is not selective; the header and body
# checks do the narrowing.
# NOTE(review): the Content-Type content carries no buffer modifier and is therefore matched in
# the raw payload, case-sensitively, with a single space after the colon.
# Coverage caveat: the "Accept" negation matches as a substring, so Accept-Encoding also counts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Adposhel.A Checkin 4"; flow:established,to_server; content:"POST"; http_method; content:"/u/"; depth:3; http_uri; fast_pattern; content:"Connection|3a| Close|0d 0a|"; nocase; http_header; content:"Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|"; content:!"Accept"; http_header; content:!"Referer|3a|"; nocase; http_header; content:"a="; depth:2; http_client_body; content:"&c="; http_client_body; distance:0; content:"&r="; http_client_body; distance:0; pcre:"/^a=[a-zA-Z0-9_-]+&c=[a-zA-Z0-9_-]+&h=[a-zA-Z0-9_-]+&r=[0-9]{15,}$/P"; reference:md5,3ea75d62966f8c52de16d7849eeb3691; classtype:trojan-activity; sid:2022723; rev:2; metadata:created_at 2016_04_11, updated_at 2016_04_11;)

Added 2018-09-13 19:52:29 UTC


Added 2018-09-13 18:00:52 UTC


# sid:2022723 rev:2 -- content-modifier form, metadata limited to created_at/updated_at.
# Positive conditions: http_method POST; http_uri starts "/u/" (fast_pattern); http_header has
# "Connection: Close\r\n" (nocase); http_client_body starts "a=", then has "&c=" and "&r=" in
# that order, and as a whole matches ^a=..&c=..&h=..&r=[0-9]{15,}$.
# Negative conditions: http_header contains neither "Accept" nor (nocase) "Referer:".
# NOTE(review): the Content-Type content sits between http_header matches but has no modifier
# of its own, so it is a raw-payload match; verify before reusing the pattern elsewhere.
# Coverage caveat: a client that sends any Accept-* header, or a Content-Type line with
# different casing or spacing, does not trigger this signature.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Adposhel.A Checkin 4"; flow:established,to_server; content:"POST"; http_method; content:"/u/"; depth:3; http_uri; fast_pattern; content:"Connection|3a| Close|0d 0a|"; nocase; http_header; content:"Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|"; content:!"Accept"; http_header; content:!"Referer|3a|"; nocase; http_header; content:"a="; depth:2; http_client_body; content:"&c="; http_client_body; distance:0; content:"&r="; http_client_body; distance:0; pcre:"/^a=[a-zA-Z0-9_-]+&c=[a-zA-Z0-9_-]+&h=[a-zA-Z0-9_-]+&r=[0-9]{15,}$/P"; reference:md5,3ea75d62966f8c52de16d7849eeb3691; classtype:trojan-activity; sid:2022723; rev:2; metadata:created_at 2016_04_11, updated_at 2016_04_11;)

Added 2017-08-07 21:17:41 UTC


# sid:2022723 rev:2 -- content-modifier form; this text has no metadata keyword at all.
# Signature of the check-in: POST to "/u/..." from $HOME_NET to $EXTERNAL_NET, sent with
# "Connection: Close", a form-urlencoded Content-Type, no Accept and no Referer header, and a
# body of four parameters in fixed order, a, c, h, r, where r is at least 15 digits.
# The pcre is anchored with ^ and $ under /P, so extra parameters or a reordered body do not
# match. "&h=" is enforced only by the pcre.
# NOTE(review): the Content-Type content lacks the http_header modifier the surrounding matches
# use, so it is compared against the raw payload, case-sensitively.
# Coverage caveat: content:!"Accept" is a substring negation, so Accept-Encoding and
# Accept-Language headers also prevent an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Adware.Adposhel.A Checkin 4"; flow:established,to_server; content:"POST"; http_method; content:"/u/"; depth:3; http_uri; fast_pattern; content:"Connection|3a| Close|0d 0a|"; nocase; http_header; content:"Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|"; content:!"Accept"; http_header; content:!"Referer|3a|"; nocase; http_header; content:"a="; depth:2; http_client_body; content:"&c="; http_client_body; distance:0; content:"&r="; http_client_body; distance:0; pcre:"/^a=[a-zA-Z0-9_-]+&c=[a-zA-Z0-9_-]+&h=[a-zA-Z0-9_-]+&r=[0-9]{15,}$/P"; reference:md5,3ea75d62966f8c52de16d7849eeb3691; classtype:trojan-activity; sid:2022723; rev:2;)

Added 2016-04-12 12:06:20 UTC

