alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0000"; offset:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/[^\x2f]+\/0000[A-F0-9]{4}\/0[0-2]\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; reference:md5,1a5ee37a6075b5a95faf8f07ad060cc9; classtype:trojan-activity; sid:2025087; rev:2; metadata:created_at 2015_01_09, former_category TROJAN, updated_at 2020_05_14;)

Added 2021-09-21 20:00:41 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0000"; offset:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/[^\x2f]+\/0000[A-F0-9]{4}\/0[0-2]\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; reference:md5,1a5ee37a6075b5a95faf8f07ad060cc9; classtype:trojan-activity; sid:2025087; rev:2; metadata:created_at 2015_01_08, former_category TROJAN, updated_at 2020_05_14;)

Added 2020-08-05 19:14:14 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0000"; offset:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/[^\x2f]+\/0000[A-F0-9]{4}\/0[0-2]\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; metadata: former_category TROJAN; reference:md5,1a5ee37a6075b5a95faf8f07ad060cc9; classtype:trojan-activity; sid:2025087; rev:2; metadata:created_at 2015_01_08, updated_at 2020_05_14;)

Added 2020-05-14 18:56:10 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0000"; offset:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/[^\x2f]+\/0000[A-F0-9]{4}\/0[0-2]\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; metadata: former_category TROJAN; reference:md5,1a5ee37a6075b5a95faf8f07ad060cc9; classtype:trojan-activity; sid:2025087; rev:2; metadata:created_at 2015_01_08, updated_at 2017_11_29;)

Added 2018-09-13 19:54:23 UTC


Added 2018-09-13 18:01:57 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0000"; offset:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/[^\x2f]+\/0000[A-F0-9]{4}\/0[0-2]\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; metadata: former_category TROJAN; reference:md5,1a5ee37a6075b5a95faf8f07ad060cc9; classtype:trojan-activity; sid:2025087; rev:2; metadata:created_at 2015_01_08, updated_at 2017_11_29;)

Added 2017-11-29 16:44:47 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats