alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Alfa/Alpha Ransomware Checkin"; flow:established,to_server; urilen:33; content:"GET"; http_method; http_start; content:"|20|HTTP/1.1|0d 0a|Host|3a 20|"; fast_pattern; http_header_names; content:!"Accept"; content:!"Connection"; content:!"Cache-Control"; content:!"Pragma"; content:!"Referer"; content:!"User-Agent"; pcre:"/^GET\x20\/[A-F0-9]{32}\x20HTTP\/1\.1\r\nHost\x3a\x20[^\r\n]+\r\n\r\n$/"; reference:md5,0601d824d188a42bc530f349926f1f95; reference:md5,900cacbd18f1e21cf6b5a9f842c23b72; reference:url,www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/; classtype:trojan-activity; sid:2023083; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2016_08_22, performance_impact Low, updated_at 2019_05_28;)

Added 2019-05-28 19:09:21 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Alfa/Alpha Ransomware Checkin"; flow:established,to_server; urilen:33; content:"|20|HTTP/1.1|0d 0a|Host|3a 20|"; fast_pattern:only; content:"GET"; http_method; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; content:!"Cache-Control|3a|"; http_header; content:!"Pragma|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"User-Agent|3a|"; http_header; pcre:"/^GET\x20\/[A-F0-9]{32}\x20HTTP\/1\.1\r\nHost\x3a\x20[^\r\n]+\r\n\r\n$/"; reference:md5,0601d824d188a42bc530f349926f1f95; reference:md5,900cacbd18f1e21cf6b5a9f842c23b72; reference:url,www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/; classtype:trojan-activity; sid:2023083; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2016_08_22, performance_impact Low, updated_at 2016_08_22;)

Added 2018-09-13 19:52:47 UTC


Added 2018-09-13 18:01:03 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Alfa/Alpha Ransomware Checkin"; flow:established,to_server; urilen:33; content:"|20|HTTP/1.1|0d 0a|Host|3a 20|"; fast_pattern:only; content:"GET"; http_method; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; content:!"Cache-Control|3a|"; http_header; content:!"Pragma|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"User-Agent|3a|"; http_header; pcre:"/^GET\x20\/[A-F0-9]{32}\x20HTTP\/1\.1\r\nHost\x3a\x20[^\r\n]+\r\n\r\n$/"; reference:md5,0601d824d188a42bc530f349926f1f95; reference:md5,900cacbd18f1e21cf6b5a9f842c23b72; reference:url,www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/; classtype:trojan-activity; sid:2023083; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2016_08_22, performance_impact Low, updated_at 2016_08_22;)

Added 2017-08-07 21:18:08 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Alfa/Alpha Ransomware Checkin"; flow:established,to_server; urilen:33; content:"|20|HTTP/1.1|0d 0a|Host|3a 20|"; fast_pattern:only; content:"GET"; http_method; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; content:!"Cache-Control|3a|"; http_header; content:!"Pragma|3a|"; http_header; content:!"Referer|3a|"; http_header; content:!"User-Agent|3a|"; http_header; pcre:"/^GET\x20\/[A-F0-9]{32}\x20HTTP\/1\.1\r\nHost\x3a\x20[^\r\n]+\r\n\r\n$/"; reference:md5,0601d824d188a42bc530f349926f1f95; reference:md5,900cacbd18f1e21cf6b5a9f842c23b72; reference:url,www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/; classtype:trojan-activity; sid:2023083; rev:2;)

Added 2016-08-22 18:19:54 UTC


Topic revision: r1 - 2019-05-28 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats