alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0"; depth:2; http_uri; content:"/0000"; distance:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/0[0-2]\/[^\x2f]+\/0000[A-F0-9]{4}\/[^\x2f]+\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; classtype:trojan-activity; sid:2025088; rev:2; metadata:created_at 2015_01_09, former_category TROJAN, updated_at 2020_05_14;)

Added 2021-09-21 20:00:41 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0"; depth:2; http_uri; content:"/0000"; distance:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/0[0-2]\/[^\x2f]+\/0000[A-F0-9]{4}\/[^\x2f]+\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; classtype:trojan-activity; sid:2025088; rev:2; metadata:created_at 2015_01_08, former_category TROJAN, updated_at 2020_05_14;)

Added 2020-08-05 19:14:14 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0"; depth:2; http_uri; content:"/0000"; distance:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/0[0-2]\/[^\x2f]+\/0000[A-F0-9]{4}\/[^\x2f]+\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; metadata: former_category TROJAN; classtype:trojan-activity; sid:2025088; rev:2; metadata:created_at 2015_01_08, updated_at 2020_05_14;)

Added 2020-05-14 18:56:10 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0"; depth:2; http_uri; content:"/0000"; distance:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/0[0-2]\/[^\x2f]+\/0000[A-F0-9]{4}\/[^\x2f]+\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; metadata: former_category TROJAN; classtype:trojan-activity; sid:2025088; rev:2; metadata:created_at 2015_01_08, updated_at 2017_11_29;)

Added 2018-09-13 19:54:23 UTC


Added 2018-09-13 18:01:57 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest Posting Data"; flow:established,to_server; content:"POST"; http_method; content:"/0"; depth:2; http_uri; content:"/0000"; distance:2; http_uri; content:!"Referer|3a|"; http_header; pcre:"/^\/0[0-2]\/[^\x2f]+\/0000[A-F0-9]{4}\/[^\x2f]+\/[A-F0-9]{8}$/Ui"; flowbits:set,ET.Vawtrak; metadata: former_category TROJAN; classtype:trojan-activity; sid:2025088; rev:2; metadata:created_at 2015_01_08, updated_at 2017_11_29;)

Added 2017-11-29 16:44:47 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats