# sid 2022881 rev 3: alerts on an established, client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET
# where a header line ends in "qarallax.com" + CRLF (the fast_pattern) and the User-Agent starts with "Java/".
# depth:5 on the http_user_agent buffer anchors "Java/" to the first five bytes of the User-Agent value.
# "Java/" is the stock User-Agent of Java's built-in HTTP client, so the domain match is the discriminating part.
# NOTE(review): the domain content is unanchored on the left and is not tied to the Host header, so any header
# line ending in "qarallax.com" (e.g. a longer look-alike host name) also matches; confirm this breadth is acceptable.
# NOTE(review): this inspects cleartext HTTP only, and the indicator comes from the 2016 report in reference:url.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Qarallax RAT Downloading Modules"; flow:to_server,established; content:"GET"; http_method; content:"qarallax.com|0d 0a|"; http_header; fast_pattern; content:"Java/"; http_user_agent; depth:5; reference:md5,cf178c55c0572d8fea89137c62afdc98; reference:url,labsblog.f-secure.com/2016/06/07/qarallax-rat-spying-on-us-visa-applicants/; classtype:trojan-activity; sid:2022881; rev:3; metadata:created_at 2016_06_08, updated_at 2019_10_23;)

Added 2019-10-23 19:39:27 UTC


# sid 2022881 rev 2 (historical copy): same GET + "qarallax.com" CRLF header match as the current rule.
# The Java client check here is the literal "User-Agent: Java/" (|3a 20| is ": ") in the http_header buffer,
# with no depth or offset, so it can match anywhere in the inspected headers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Qarallax RAT Downloading Modules"; flow:to_server,established; content:"GET"; http_method; content:"qarallax.com|0d 0a|"; http_header; fast_pattern; content:"User-Agent|3a 20|Java/"; http_header; reference:md5,cf178c55c0572d8fea89137c62afdc98; reference:url,labsblog.f-secure.com/2016/06/07/qarallax-rat-spying-on-us-visa-applicants/; classtype:trojan-activity; sid:2022881; rev:2; metadata:created_at 2016_06_08, updated_at 2016_06_08;)

Added 2018-09-13 19:52:39 UTC


Added 2018-09-13 18:00:58 UTC


# sid 2022881 rev 2 (historical copy): alerts on an outbound HTTP GET whose headers contain a line ending in
# "qarallax.com" + CRLF (fast_pattern) and the literal "User-Agent: Java/" (|3a 20| is ": ").
# Both content matches use the http_header buffer and neither is position-anchored.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Qarallax RAT Downloading Modules"; flow:to_server,established; content:"GET"; http_method; content:"qarallax.com|0d 0a|"; http_header; fast_pattern; content:"User-Agent|3a 20|Java/"; http_header; reference:md5,cf178c55c0572d8fea89137c62afdc98; reference:url,labsblog.f-secure.com/2016/06/07/qarallax-rat-spying-on-us-visa-applicants/; classtype:trojan-activity; sid:2022881; rev:2; metadata:created_at 2016_06_08, updated_at 2016_06_08;)

Added 2017-08-07 21:17:53 UTC


# sid 2022881 rev 2 as first published (historical copy): this copy carries no metadata keyword.
# Matches an outbound HTTP GET with a header line ending in "qarallax.com" + CRLF (fast_pattern)
# and the literal "User-Agent: Java/" in the http_header buffer (|3a 20| is ": ").
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Qarallax RAT Downloading Modules"; flow:to_server,established; content:"GET"; http_method; content:"qarallax.com|0d 0a|"; http_header; fast_pattern; content:"User-Agent|3a 20|Java/"; http_header; reference:md5,cf178c55c0572d8fea89137c62afdc98; reference:url,labsblog.f-secure.com/2016/06/07/qarallax-rat-spying-on-us-visa-applicants/; classtype:trojan-activity; sid:2022881; rev:2;)

Added 2016-06-08 17:58:41 UTC

