# sid:2022845 rev:5 - outbound HTTP check-in attributed to Criptobit/Mobef ransomware.
# Match logic: GET request, ".php?a=" in the normalized URI, and a User-Agent value equal to the
# 55-byte string below: depth:55 anchors the match at the start of the http_user_agent buffer and
# isdataat:!1,relative requires that no byte follows it. No nocase, so the match is case-sensitive.
# The pcre (/U = normalized URI) requires 5-10 digits after "a=" and a URI ending in ":d:d:d.d:d",
# where each d is a single digit.
# Scope: "alert http" with $HOME_NET -> $EXTERNAL_NET only covers traffic the sensor parses as HTTP
# leaving the configured home ranges; a check-in carried inside TLS is not inspected unless it is
# decrypted upstream of the sensor.
# NOTE(review): the User-Agent omits the AppleWebKit/Chrome/Safari tokens a genuine Edge 13 browser
# sends, which is presumably why an exact match is usable as an indicator - confirm against the
# sample in reference:md5.
# NOTE(review): the rule carries two metadata keywords (former_category, then created_at/updated_at);
# confirm your rule tooling merges both rather than keeping only one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586"; fast_pattern; http_user_agent; depth:55; isdataat:!1,relative; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; metadata: former_category MALWARE; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:5; metadata:created_at 2016_05_31, updated_at 2019_10_23;)
Added 2019-10-23 19:39:27 UTC
# sid:2022845 rev:4, snapshot that adds "metadata: former_category MALWARE".
# Detection: GET, ".php?a=" in the URI, and the full header line "User-Agent: ...Edge/13.10586\r\n"
# in the http_header buffer (case-sensitive, no nocase). fast_pattern:40,20 gives the prefilter a
# 20-byte slice of that content starting at offset 40. The pcre (/U) requires 5-10 digits after
# "a=" and a URI ending in ":d:d:d.d:d" with single digits.
# NOTE(review): rev and updated_at are unchanged from the other rev:4 snapshots on this page even
# though the text differs, so a comparison keyed on sid+rev will not notice this edit; diff or hash
# the full rule text when auditing rule-set changes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; metadata: former_category MALWARE; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4; metadata:created_at 2016_05_31, updated_at 2016_05_31;)
Added 2019-09-26 19:58:10 UTC
# sid:2022845 rev:4, snapshot with created_at/updated_at metadata and no former_category.
# Detection: GET, ".php?a=" in the URI, and the complete "User-Agent: ...Edge/13.10586\r\n" line
# in http_header; the trailing |0d 0a| means a longer User-Agent value does not match.
# fast_pattern:40,20 selects bytes 40-59 of the header content for the prefilter.
# pcre (/U): 5-10 digits after "a=", then a URI that ends in ":d:d:d.d:d" (single digits).
# Only parsed HTTP from $HOME_NET to $EXTERNAL_NET is inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4; metadata:created_at 2016_05_31, updated_at 2016_05_31;)
Added 2018-09-13 19:52:36 UTC
Added 2018-09-13 18:00:57 UTC
# sid:2022845 rev:4, snapshot carrying created_at/updated_at metadata.
# Fires on an established to_server GET whose URI contains ".php?a=" and whose http_header buffer
# holds the exact line "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edge/13.10586\r\n".
# The pcre runs on the normalized URI (/U) and requires 5-10 digits after "a=" plus a tail of
# ":d:d:d.d:d" at the end of the URI.
# NOTE(review): the header match assumes the literal spelling "User-Agent: " with one space;
# presumably the sample always sends it that way - confirm against the sample in reference:md5.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4; metadata:created_at 2016_05_31, updated_at 2016_05_31;)
Added 2017-08-07 21:17:50 UTC
# sid:2022845 rev:4, snapshot without any metadata keyword.
# Compared with the rev:2/rev:3 text on this page, the fixed ":0:0:0.0:" URI content is gone;
# the rule keys on the hard-coded User-Agent header line and a pcre that accepts any single
# digit in each position of the ":d:d:d.d:d" URI tail.
# fast_pattern:40,20 restricts the prefilter to a 20-byte slice of the header content.
# Alerts only on parsed HTTP going from $HOME_NET to $EXTERNAL_NET.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4;)
Added 2016-06-07 17:56:40 UTC
# sid:2022845 rev:4 as first recorded on this page (no metadata keyword).
# Conditions, all required: established client-to-server flow, GET method, ".php?a=" in the
# normalized URI, the exact "User-Agent: ...Edge/13.10586\r\n" header line, and a URI matching
# the pcre (5-10 digits after "a=", ending in ":d:d:d.d:d").
# The User-Agent string is a static indicator; a variant that sends a different value would not
# match this revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4;)
Added 2016-06-07 17:55:11 UTC
# sid:2022845 rev:3 - URI-only detection; no User-Agent condition in this revision.
# Requires GET, ".php?a=" in the normalized URI, then the literal ":0:0:0.0:" somewhere after it
# (distance:0 makes the second http_uri content relative to the first; it is also the fast_pattern).
# pcre (/U) pins the end of the URI to ":0.0:0" or ":0.0:1".
# Scope is parsed HTTP from $HOME_NET to $EXTERNAL_NET.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a[01]$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:3;)
Added 2016-06-06 17:32:38 UTC
# sid:2022845 rev:3 snapshot (URI-based matching).
# The fast_pattern content is the 9-byte string ":0:0:0.0:" in http_uri, searched after ".php?a=".
# The pcre then anchors the last six URI bytes: ":0.0:" followed by 0 or 1.
# NOTE(review): the meaning of the colon-separated fields is not stated on this page; treat them
# as an opaque pattern observed in the sample from reference:md5.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a[01]$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:3;)
Added 2016-06-06 17:24:17 UTC
# sid:2022845 rev:3 as first recorded on this page.
# Relative to rev:2 on this page, the URI content drops the trailing "1" and the pcre accepts
# [01] as the final character, so URIs ending in ":0.0:0" also alert.
# All other conditions are unchanged: established to_server GET with ".php?a=" in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a[01]$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:3;)
Added 2016-06-06 17:05:27 UTC
# sid:2022845 rev:2 - narrowest revision on this page.
# Requires GET, ".php?a=" in the normalized URI, then the literal ":0:0:0.0:1" after it
# (fast_pattern, distance:0), and a URI that ends in ":0.0:1" per the /U pcre.
# Any other digit in those positions does not match this revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|1"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a1$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:2;)
Added 2016-05-31 17:40:45 UTC
# sid:2022845 rev:2 snapshot.
# The detection is carried entirely by fixed URI bytes: ".php?a=" followed later by ":0:0:0.0:1",
# with the pcre requiring the URI to end in ":0.0:1".
# Inspects only parsed HTTP GET requests from $HOME_NET to $EXTERNAL_NET on established flows.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|1"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a1$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:2;)
Added 2016-05-31 17:40:19 UTC
# sid:2022845 rev:2, the earliest text recorded on this page.
# Alerts on an outbound GET whose normalized URI contains ".php?a=" and then ":0:0:0.0:1",
# and whose final bytes are ":0.0:1" (pcre with /U).
# reference:md5 names the sample the pattern was taken from; classtype is trojan-activity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|1"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a1$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:2;)
Added 2016-05-31 16:51:00 UTC