alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header; content:"Accept-Language|3a 20|"; http_header; distance:0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance:0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.1|3b|"; http_user_agent; depth:50; content:!"Referer|3a|"; http_header; content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category MALWARE; classtype:trojan-activity; sid:2025530; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2019_10_24;)

Added 2019-10-25 19:12:51 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header;content:"Accept-Language|3a 20|"; http_header; distance: 0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance: 0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.1|3b|"; http_header; distance:0; content:!"Referer|3a|"; http_header;content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category MALWARE; classtype:trojan-activity; sid:2025530; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2018_04_23;)

Added 2019-09-26 19:58:26 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header;content:"Accept-Language|3a 20|"; http_header; distance: 0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance: 0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.1|3b|"; http_header; distance:0; content:!"Referer|3a|"; http_header;content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category TROJAN; classtype:trojan-activity; sid:2025530; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2018_04_23;)

Added 2018-09-13 19:54:40 UTC


Added 2018-09-13 18:02:08 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header;content:"Accept-Language|3a 20|"; http_header; distance: 0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance: 0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.1|3b|"; http_header; distance:0; content:!"Referer|3a|"; http_header;content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category TROJAN; classtype:trojan-activity; sid:2025530; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2018_04_23;)

Added 2018-04-23 17:31:30 UTC


Topic revision: r1 - 2019-10-25 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats