alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN W32/VBS.SLoad.Backdoor Initial Base64 Encoded OK Server Response"; flow:established,to_client; content:"Authorization|3a| b2sgb2s="; http_header; reference:url,www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html; reference:md5,3aabc9767d02c75ef44df6305bc6a41f; classtype:trojan-activity; sid:2027118; rev:2; metadata:created_at 2019_03_27, updated_at 2019_03_27;)

Added 2019-03-27 17:41:22 UTC


Topic revision: r1 - 2019-03-27 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats