EmergingThreats> Main Web>2022845 (2021-10-04, TWikiGuest) EditAttach

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586"; fast_pattern; http_user_agent; depth:55; isdataat:!1,relative; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:5; metadata:attack_target Client_Endpoint, created_at 2016_05_31, deployment Perimeter, former_category MALWARE, signature_severity Major, tag Ransomware, updated_at 2020_07_14, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)

Added 2021-10-04 19:24:45 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586"; fast_pattern; http_user_agent; depth:55; isdataat:!1,relative; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:5; metadata:created_at 2016_05_31, former_category MALWARE, updated_at 2020_07_14;)

Added 2020-08-05 19:12:15 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586"; fast_pattern; http_user_agent; depth:55; isdataat:!1,relative; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; metadata: former_category MALWARE; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:5; metadata:created_at 2016_05_31, updated_at 2020_07_14;)

Added 2020-07-14 19:19:31 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586"; fast_pattern; http_user_agent; depth:55; isdataat:!1,relative; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; metadata: former_category MALWARE; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:5; metadata:created_at 2016_05_31, updated_at 2020_07_14;)

Added 2020-07-14 17:57:29 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586"; fast_pattern; http_user_agent; depth:55; isdataat:!1,relative; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; metadata: former_category MALWARE; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:5; metadata:created_at 2016_05_31, updated_at 2019_10_23;)

Added 2019-10-23 19:39:27 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; metadata: former_category MALWARE; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4; metadata:created_at 2016_05_31, updated_at 2016_05_31;)

Added 2019-09-26 19:58:10 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4; metadata:created_at 2016_05_31, updated_at 2016_05_31;)

Added 2018-09-13 19:52:36 UTC

Added 2018-09-13 18:00:57 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4; metadata:created_at 2016_05_31, updated_at 2016_05_31;)

Added 2017-08-07 21:17:50 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4;)

Added 2016-06-07 17:56:40 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"User-Agent|3a 20|Mozilla/5.0 (Windows NT 10.0|3b 20|Win64|3b 20|x64) Edge/13.10586|0d 0a|"; fast_pattern:40,20; http_header; pcre:"/\.php\?a=\d{5,10}.+\x3a\d\x3a\d\x3a\d\.\d\x3a\d$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:4;)

Added 2016-06-07 17:55:11 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a[01]$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:3;)

Added 2016-06-06 17:32:38 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a[01]$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:3;)

Added 2016-06-06 17:24:17 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a[01]$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:3;)

Added 2016-06-06 17:05:27 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|1"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a1$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:2;)

Added 2016-05-31 17:40:45 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|1"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a1$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:2;)

Added 2016-05-31 17:40:19 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Criptobit/Mobef Ransomware Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a="; http_uri; content:"|3a|0|3a|0|3a|0.0|3a|1"; fast_pattern; http_uri; distance:0; pcre:"/\x3a0\.0\x3a1$/U"; reference:md5,c90a8039f330ba6660a91113f6c53685; classtype:trojan-activity; sid:2022845; rev:2;)

Added 2016-05-31 16:51:00 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2021-10-04 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats