2025530 < Main < EmergingThreats

Main Web>2025530 (2022-04-18, TWikiGuest) (raw view)
 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server; content:"POST"; http_method; content:"Accept|3a 20|*/*"; http_header; content:"Accept-Language|3a 20|"; http_header; distance:0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance:0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.1|3b|"; http_user_agent; depth:50; content:!"Referer|3a|"; http_header; content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; classtype:trojan-activity; sid:2025530; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_04_23, deployment Perimeter, former_category MALWARE, signature_severity Major, updated_at 2022_04_18;)

</h2>

Added 2022-04-18 18:23:14 UTC


 %COMMENT{type="threadmode" default="Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps." button="Add to Documentation" }%
 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header; content:"Accept-Language|3a 20|"; http_header; distance:0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance:0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.1|3b|"; http_user_agent; depth:50; content:!"Referer|3a|"; http_header; content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; classtype:trojan-activity; sid:2025530; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_04_23, deployment Perimeter, former_category MALWARE, signature_severity Major, updated_at 2020_11_16;)

</h2>

Added 2020-11-16 19:08:24 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header; content:"Accept-Language|3a 20|"; http_header; distance:0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance:0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.1|3b|"; http_user_agent; depth:50; content:!"Referer|3a|"; http_header; content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; classtype:trojan-activity; sid:2025530; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_04_23, deployment Perimeter, former_category MALWARE, signature_severity Major, updated_at 2020_04_15;)

</h2>

Added 2020-08-05 19:14:39 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header; content:"Accept-Language|3a 20|"; http_header; distance:0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance:0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.1|3b|"; http_user_agent; depth:50; content:!"Referer|3a|"; http_header; content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category MALWARE; classtype:trojan-activity; sid:2025530; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2020_04_15;)

</h2>

Added 2020-04-15 18:43:12 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header; content:"Accept-Language|3a 20|"; http_header; distance:0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance:0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.1|3b|"; http_user_agent; depth:50; content:!"Referer|3a|"; http_header; content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category MALWARE; classtype:trojan-activity; sid:2025530; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2019_10_24;)

</h2>

Added 2019-10-25 19:12:51 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header;content:"Accept-Language|3a 20|"; http_header; distance: 0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance: 0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.1|3b|"; http_header; distance:0; content:!"Referer|3a|"; http_header;content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category MALWARE; classtype:trojan-activity; sid:2025530; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2018_04_23;)

</h2>

Added 2019-09-26 19:58:26 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header;content:"Accept-Language|3a 20|"; http_header; distance: 0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance: 0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.1|3b|"; http_header; distance:0; content:!"Referer|3a|"; http_header;content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category TROJAN; classtype:trojan-activity; sid:2025530; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2018_04_23;)

</h2>

Added 2018-09-13 19:54:40 UTC


 
 <hr>
 


 <h2>
 


</h2>

Added 2018-09-13 18:02:08 UTC


 
 <hr>
 


 <h2>
 

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 2"; flow:established,to_server;content:"POST"; http_method;content:"Accept|3a 20|*/*"; http_header;content:"Accept-Language|3a 20|"; http_header; distance: 0; content:"auth255|3a 20|login"; http_header; fast_pattern; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; distance: 0; content:"Accept-Encoding|3a 20|gzip, deflate"; http_header; distance: 0; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.1|3b|"; http_header; distance:0; content:!"Referer|3a|"; http_header;content:"a="; http_client_body; depth:2; pcre:"/^(?:[a-f0-9]{2}){23,60}$/PR"; metadata: former_category TROJAN; classtype:trojan-activity; sid:2025530; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_04_23, updated_at 2018_04_23;)

</h2>

Added 2018-04-23 17:31:30 UTC


 
 <hr>
Topic revision: r1 - 2022-04-18 - TWikiGuest
Main
User Reference
ATasteOfTWiki
TextFormattingRules
Signature Reference
WebRss Feed
EmergingFAQ