# sid:2024969 rev:4 - alerts on an outbound HTTP request ($HOME_NET -> $EXTERNAL_NET)
# whose URI has the shape  <path>.jpg?v=<digits>&d=<base64-shaped value>.
# msg and reference attribute this request shape to the OceanLotus system-profiling
# JavaScript described in the referenced Volexity post.
#
# Match logic, in rule order:
#   flow:established,to_server      client-to-server side of an established session
#   content:".jpg?v="; http_uri     literal used as the fast_pattern
#   content:"&d="; distance:0       must occur somewhere after the ".jpg?v=" match
#   pcre:"/.../U"                   evaluated on the normalized URI: v= must be digits and
#                                   the d= value must be whole base64 groups (optionally
#                                   "=" / "==" padded) running to the end of the URI
#   (?!\d{8}T\d{6}Z)                rejects d= values that begin with a compact timestamp,
#                                   e.g. 20190807T192724Z (constructed example); such a
#                                   16-character string consists only of base64-alphabet
#                                   characters, so without the lookahead it satisfies the
#                                   base64 part of the expression
#   content:!"c.shld.net"           } no alert when the Host header contains
#   content:!"scholtzskys.com"      } either of these strings
#
# NOTE(review): negated content is a substring test, so each exclusion covers every Host
#   value containing that string, not only the exact hostname - confirm that breadth is intended.
# NOTE(review): the URI shape is generic; when triaging, compare the destination host with
#   the indicators in the referenced report rather than relying on the alert alone.
# NOTE(review): the "?" after "OceanLotus" and "JavaScript" (msg and tag) looks like a
#   wiki-rendering artifact, not rule text - verify against the distributed ruleset
#   before copying the rule from this page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OceanLotus? System Profiling JavaScript? HTTP Request"; flow:established,to_server; content:".jpg?v="; http_uri; fast_pattern; content:"&d="; distance:0; http_uri; pcre:"/\.jpg\?v=\d+&d=(?!\d{8}T\d{6}Z)(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$/U"; content:!"c.shld.net"; http_host; content:!"scholtzskys.com"; http_host; metadata: former_category TROJAN; reference:url,www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/; classtype:trojan-activity; sid:2024969; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag OceanLotus?, signature_severity Critical, created_at 2017_11_07, performance_impact Low, updated_at 2019_08_07;)

Added 2019-08-07 19:27:24 UTC


# sid:2024969 rev:3 - superseded revision (a rev:4 of the same sid appears on this page).
# Alerts on an outbound HTTP request whose normalized URI matches
#   <path>.jpg?v=<digits>&d=<base64-shaped value running to the end of the URI>
# unless the Host header contains "c.shld.net" or "scholtzskys.com".
#
# The pcre here has no timestamp lookahead, so a d= value that is a compact timestamp of
# the form \d{8}T\d{6}Z (16 base64-alphabet characters) also satisfies the expression.
#
# NOTE(review): negated content is a substring test, so each exclusion covers every Host
#   value containing that string - confirm that breadth is intended.
# NOTE(review): the "?" after "OceanLotus" and "JavaScript" (msg and tag) looks like a
#   wiki-rendering artifact - verify against the distributed ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OceanLotus? System Profiling JavaScript? HTTP Request"; flow:established,to_server; content:".jpg?v="; http_uri; fast_pattern; content:"&d="; distance:0; http_uri; pcre:"/\.jpg\?v=\d+&d=(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/U"; content:!"c.shld.net"; http_host; content:!"scholtzskys.com"; http_host; metadata: former_category TROJAN; reference:url,www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/; classtype:trojan-activity; sid:2024969; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag OceanLotus?, signature_severity Critical, created_at 2017_11_07, performance_impact Low, updated_at 2018_08_29;)

Added 2018-08-29 18:11:15 UTC


# sid:2024969 rev:2 - superseded revision (higher revs of the same sid appear on this page).
# Alerts on an outbound HTTP request whose normalized URI matches
#   <path>.jpg?v=<digits>&d=<base64-shaped value running to the end of the URI>
# unless the Host header contains "c.shld.net" (the only host exclusion in this revision).
#
# NOTE(review): updated_at still reads 2017_11_07 although the page lists this revision as
#   added on 2018-04-03; do not rely on updated_at alone to date this revision.
# NOTE(review): negated content is a substring test, so the exclusion covers every Host
#   value containing "c.shld.net" - confirm that breadth is intended.
# NOTE(review): the "?" after "OceanLotus" and "JavaScript" (msg and tag) looks like a
#   wiki-rendering artifact - verify against the distributed ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OceanLotus? System Profiling JavaScript? HTTP Request"; flow:established,to_server; content:".jpg?v="; http_uri; fast_pattern; content:"&d="; distance:0; http_uri; pcre:"/\.jpg\?v=\d+&d=(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/U"; content:!"c.shld.net"; http_host; metadata: former_category TROJAN; reference:url,www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/; classtype:trojan-activity; sid:2024969; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag OceanLotus?, signature_severity Critical, created_at 2017_11_07, performance_impact Low, updated_at 2017_11_07;)

Added 2018-04-03 16:44:25 UTC


# sid:2024969 rev:1 - initial revision (created_at 2017_11_07); superseded by the higher
# revs of the same sid shown on this page.
# Alerts on any outbound HTTP request ($HOME_NET -> $EXTERNAL_NET, established, to_server)
# whose normalized URI matches
#   <path>.jpg?v=<digits>&d=<base64-shaped value running to the end of the URI>
# The two content matches (".jpg?v=" as fast_pattern, then "&d=") pre-filter for the pcre.
#
# NOTE(review): this revision carries no http_host exclusions and no timestamp lookahead;
#   the later revisions on this page add both, so deploy the highest rev rather than this one.
# NOTE(review): the "?" after "OceanLotus" and "JavaScript" (msg and tag) looks like a
#   wiki-rendering artifact - verify against the distributed ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OceanLotus? System Profiling JavaScript? HTTP Request"; flow:established,to_server; content:".jpg?v="; http_uri; fast_pattern; content:"&d="; distance:0; http_uri; pcre:"/\.jpg\?v=\d+&d=(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/U"; metadata: former_category TROJAN; reference:url,www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/; classtype:trojan-activity; sid:2024969; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag OceanLotus?, signature_severity Critical, created_at 2017_11_07, performance_impact Low, updated_at 2017_11_07;)

Added 2017-11-07 16:20:37 UTC

