alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Possibly Malicious VBS Writing to Persistence Registry Location"; flow:established,from_server; content:"200"; http_stat_code; file_data; content:"on|20|error|20|resume|20|next"; nocase; content:".regwrite|20 22|"; distance:0; content:"|5c|software|5c|microsoft|5c|windows|5c|currentversion|5c|run"; distance:0; within:80; fast_pattern; reference:md5,cac1aedbcb417dcba511db5caae4b8c0; classtype:trojan-activity; sid:2026427; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2018_09_28, deployment Perimeter, former_category INFO, performance_impact Low, signature_severity Major, tag VBS, tag Persistence, updated_at 2020_11_18;)

Added 2020-11-18 18:26:32 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Possibly Malicious VBS Writing to Persistence Registry Location"; flow:established,from_server; content:"200"; http_stat_code; file_data; content:"on|20|error|20|resume|20|next"; nocase; content:".regwrite|20 22|"; distance:0; content:"|5c|software|5c|microsoft|5c|windows|5c|currentversion|5c|run"; distance:0; within:80; fast_pattern; reference:md5,cac1aedbcb417dcba511db5caae4b8c0; classtype:trojan-activity; sid:2026427; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2018_09_28, deployment Perimeter, former_category INFO, performance_impact Low, signature_severity Major, tag VBS, tag Persistence, updated_at 2020_08_19;)

Added 2020-08-19 18:14:32 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Possibly Malicious VBS Writing to Persistence Registry Location"; flow:established,from_server; content:"200"; http_stat_code; file_data; content:"on|20|error|20|resume|20|next"; nocase; content:".regwrite|20 22|"; distance:0; content:"|5c|software|5c|microsoft|5c|windows|5c|currentversion|5c|run"; distance:0; within:80; fast_pattern; reference:md5,cac1aedbcb417dcba511db5caae4b8c0; classtype:trojan-activity; sid:2026427; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2018_09_28, deployment Perimeter, former_category INFO, performance_impact Low, signature_severity Major, tag VBS, tag Persistence, updated_at 2018_09_28;)

Added 2020-08-05 19:15:27 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Possibly Malicious VBS Writing to Persistence Registry Location"; flow:established,from_server; content:"200"; http_stat_code; file_data; content:"on|20|error|20|resume|20|next"; nocase; content:".regwrite|20 22|"; distance:0; content:"|5c|software|5c|microsoft|5c|windows|5c|currentversion|5c|run"; distance:0; within:80; fast_pattern; metadata: former_category INFO; reference:md5,cac1aedbcb417dcba511db5caae4b8c0; classtype:trojan-activity; sid:2026427; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, deployment Perimeter, tag VBS, tag Persistence, signature_severity Major, created_at 2018_09_28, performance_impact Low, updated_at 2018_09_28;)

Added 2018-09-28 18:11:41 UTC


Topic revision: r1 - 2020-11-18 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats