alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Razy Variant Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"?m="; http_uri; content:"&a="; http_uri; content:"&os="; http_uri; content:"&ComPut="; http_uri; fast_pattern; content:!"User-Agent|3a| "; http_header; content:!"360safe.com"; http_header; reference:url,doc.emergingthreats.net/2008433; classtype:trojan-activity; sid:2008433; rev:10;)

Added 2016-11-01 18:45:10 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Razy Variant Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"?m="; http_uri; content:"&a="; http_uri; content:"&os="; http_uri; content:"&ComPut="; http_uri; fast_pattern; content:!"User-Agent|3a| "; http_header; content:!"360safe.com"; http_header; reference:url,doc.emergingthreats.net/2008433; classtype:trojan-activity; sid:2008433; rev:10;)

Added 2016-11-01 18:39:18 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET"; nocase; http_method; content:"?m="; http_uri; content:"&a="; http_uri; content:"&os="; fast_pattern; http_uri; content:!"User-Agent|3a| "; http_header; content:!"360safe.com"; http_header; reference:url,doc.emergingthreats.net/2008433; classtype:trojan-activity; sid:2008433; rev:9;)

Added 2015-01-15 16:59:52 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET"; nocase; http_method; content:"?m="; http_uri; content:"&a="; http_uri; content:"&os="; http_uri; content:!"User-Agent|3a| "; http_header; reference:url,doc.emergingthreats.net/2008433; classtype:trojan-activity; sid:2008433; rev:6;)

Added 2012-03-19 23:39:05 UTC

False positives triggered by product of 360safe.com doing GET requests like this: http://s.360safe.com/safei18n/tray.htm?m=p&cs=&a=o&spl=...

-- DavidSchweikert - 2015-01-15


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET"; http_method; content:"?m="; http_uri; content:"&a="; http_uri; content:"&os="; http_uri; content:!"User-Agent|3a| "; http_header; reference:url,doc.emergingthreats.net/2008433; classtype:trojan-activity; sid:2008433; rev:5;)

Added 2011-10-12 19:25:07 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET"; http_method; content:"?m="; http_uri; content:"&a="; http_uri; content:"&os="; http_uri; content:!"User-Agent|3a| "; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008433; sid:2008433; rev:5;)

Added 2011-09-14 22:38:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET"; http_method; content:"?m="; http_uri; content:"&a="; http_uri; content:"&os="; http_uri; content:!"User-Agent|3a| "; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008433; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pandex; sid:2008433; rev:5;)

Added 2011-03-22 15:48:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET"; depth:3; http_method; content:"?m="; http_uri; content:"&a="; http_uri; content:"&os="; http_uri; content:!"User-Agent|3a| "; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008433; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pandex; sid:2008433; rev:4;)

Added 2011-02-04 17:27:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET "; depth:4; uricontent:"?m="; uricontent:"&a="; uricontent:"&os="; content:!"|0d 0a|User-Agent\: "; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008433; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pandex; sid:2008433; rev:2;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET "; depth:4; uricontent:"?m="; uricontent:"&a="; uricontent:"&os="; content:!"|0d 0a|User-Agent\: "; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008433; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pandex; sid:2008433; rev:2;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Pandex checkin detected"; flow:established,to_server; content:"GET "; depth:4; uricontent:"?m="; uricontent:"&a="; uricontent:"&os="; content:!"|0d 0a|User-Agent\: "; classtype:trojan-activity; sid:2008433; rev:1;)

Added 2008-07-16 14:25:53 UTC


Topic revision: r2 - 2015-01-15 - DavidSchweikert
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats