alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MZRevenge Ransomware CnC?"; flow:established,to_server; content:"POST"; http_method; content:".php"; isdataat:!1,relative; http_uri; content:"Mozilla/3.0 (compatible|3b| Indy Library)"; depth:38; isdataat:!1,relative; http_user_agent; content:"filename|3d 22|TVpS"; fast_pattern; http_client_body; http_content_type; content:"multipart/form-data|3b| boundary=--------"; depth:38; http_header_names; content:!"Referer|0d 0a|"; reference:url,app.any.run/tasks/e5a3d700-993f-47ab-bde1-e9ed8e9d323e/; classtype:trojan-activity; sid:2029647; rev:2; metadata:attack_target Client_Endpoint, created_at 2020_03_18, deployment Perimeter, former_category MALWARE, performance_impact Low, signature_severity Major, updated_at 2020_11_09;)

Added 2020-11-09 19:10:17 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MZRevenge Ransomware CnC?"; flow:established,to_server; content:"POST"; http_method; content:".php"; isdataat:!1,relative; http_uri; content:"Mozilla/3.0 (compatible|3b| Indy Library)"; depth:38; isdataat:!1,relative; http_user_agent; content:"filename|3d 22|TVpS"; fast_pattern; http_client_body; http_content_type; content:"multipart/form-data|3b| boundary=--------"; depth:38; http_header_names; content:!"Referer|0d 0a|"; reference:url,app.any.run/tasks/e5a3d700-993f-47ab-bde1-e9ed8e9d323e/; classtype:trojan-activity; sid:2029647; rev:2; metadata:attack_target Client_Endpoint, created_at 2020_03_18, deployment Perimeter, former_category MALWARE, performance_impact Low, signature_severity Major, updated_at 2020_03_18;)

Added 2020-08-05 19:17:45 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MZRevenge Ransomware CnC?"; flow:established,to_server; content:"POST"; http_method; content:".php"; isdataat:!1,relative; http_uri; content:"Mozilla/3.0 (compatible|3b| Indy Library)"; depth:38; isdataat:!1,relative; http_user_agent; content:"filename|3d 22|TVpS"; fast_pattern; http_client_body; http_content_type; content:"multipart/form-data|3b| boundary=--------"; depth:38; http_header_names; content:!"Referer|0d 0a|"; metadata: former_category MALWARE; reference:url,app.any.run/tasks/e5a3d700-993f-47ab-bde1-e9ed8e9d323e/; classtype:trojan-activity; sid:2029647; rev:2; metadata:attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2020_03_18, performance_impact Low, updated_at 2020_03_18;)

Added 2020-03-18 18:44:00 UTC


Topic revision: r1 - 2020-11-10 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats