# sid 2008975 rev 14. Alerts on an established client-to-server HTTP flow from $HOME_NET to
# $EXTERNAL_NET whose headers contain the literal "Accept: Accept: " (|3a| is ':'), i.e. the
# header name written twice.
# Suppressed when the User-Agent contains "-DRM", when a header line ends in "buhphone.ru" or
# "ati.com", or when the headers contain "Host: www.backupmaker.com" -- presumably benign
# clients that send the same malformed header; confirm before extending the list.
# NOTE(review): the buhphone.ru and ati.com tests are not tied to the Host header, so they
# suppress more than those two hosts; the positive match and the "-DRM"/buhphone.ru tests are
# case-sensitive (no nocase). Treat a hit as a lead to triage, not a verdict.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; content:!"-DRM"; http_user_agent; content:!"buhphone.ru|0d 0a|"; http_header; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; content:!"ati.com|0d 0a|"; http_header; nocase; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:14;)

Added 2016-06-27 17:13:11 UTC


# sid 2008975 rev 14, second snapshot with the same rule text as the other rev 14 entry.
# Positive match: "Accept: Accept: " in the HTTP headers of an outbound request.
# Four negated contents carve out exceptions ("-DRM" user agent, buhphone.ru, www.backupmaker.com,
# ati.com); only the last two carry nocase, so the buhphone.ru exception is case-sensitive.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; content:!"-DRM"; http_user_agent; content:!"buhphone.ru|0d 0a|"; http_header; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; content:!"ati.com|0d 0a|"; http_header; nocase; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:14;)

Added 2016-06-27 17:11:48 UTC


# sid 2008975 rev 13. Same positive match as rev 14 ("Accept: Accept: " in the HTTP headers of
# an outbound request) with three exceptions: User-Agent containing "-DRM", a header line ending
# in "buhphone.ru", and "Host: www.backupmaker.com" (nocase). The ati.com exception is not
# present in this revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; content:!"-DRM"; http_user_agent; content:!"buhphone.ru|0d 0a|"; http_header; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:13;)

Added 2015-08-18 19:40:26 UTC


# sid 2008975 rev 13, repeated snapshot (rule text matches the other rev 13 entries).
# Uses the "http" protocol keyword, so only traffic the engine parses as HTTP is inspected;
# the "-DRM" exception is checked in the User-Agent buffer rather than in all headers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; content:!"-DRM"; http_user_agent; content:!"buhphone.ru|0d 0a|"; http_header; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:13;)

Added 2015-08-18 19:30:34 UTC


# sid 2008975 rev 13, earliest of the three rev 13 snapshots (same rule text).
# Compared with rev 11 it switches "alert tcp" to "alert http", moves the "-DRM" test to
# http_user_agent, and adds the www.backupmaker.com Host exception.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; content:!"-DRM"; http_user_agent; content:!"buhphone.ru|0d 0a|"; http_header; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:13;)

Added 2015-08-18 19:18:38 UTC


# sid 2008975 rev 11. "alert tcp" rule that matches "Accept: Accept: " in the HTTP header buffer
# of an outbound request, unless the headers contain "-DRM" or a header line ends in "buhphone.ru".
# NOTE(review): "-DRM" is tested against the whole header block here, so the string appearing in
# any header (not only User-Agent) suppresses the alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; content:!"-DRM"; http_header; content:!"buhphone.ru|0d 0a|"; http_header; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:11;)

Added 2013-12-23 17:29:57 UTC


# sid 2008975 rev 10. Matches "Accept: Accept: " in the HTTP headers of an outbound request and
# has a single exception: the headers must not contain "-DRM".
# The exception is a shortened form of the "User-Agent: Windows-Media-DRM" string used in rev 9,
# so it covers any header text containing "-DRM" (case-sensitive).
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; content:!"-DRM"; http_header; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:10;)

Added 2013-04-30 21:38:24 UTC


# sid 2008975 rev 9. First revision with an exception: the alert is suppressed when the headers
# contain the exact string "User-Agent: Windows-Media-DRM" (|3A| is ':'; case-sensitive).
# Otherwise any outbound request whose headers contain "Accept: Accept: " alerts.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; content:!"User-Agent|3A| Windows-Media-DRM"; http_header; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:9;)

Added 2013-04-19 18:42:48 UTC


# sid 2008975 rev 8. The message changes from the QQPass attribution to the generic
# "Suspicious Malformed Double Accept Header", and the POST-method test of rev 7 is gone.
# The only condition left is "Accept: Accept: " in the HTTP headers of an outbound request,
# with no exceptions, so this is the broadest form of the signature on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Malformed Double Accept Header"; flow:established,to_server; content:"Accept|3a| Accept|3a| "; http_header; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:8;)

Added 2012-10-01 21:48:06 UTC


# sid 2008975 rev 7. Requires the HTTP method to be POST (http_method, nocase) and the headers
# to contain "Accept: Accept: ". The pcre used in revs 1-5 is no longer present.
# The msg attributes the traffic to Trojan-PWS.Win32.QQPass only as "Likely"; the rule itself
# tests nothing beyond the method and the doubled header name.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST"; nocase; http_method; content:"Accept|3a| Accept|3a| "; http_header; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:7;)

Added 2012-09-28 00:08:31 UTC


# sid 2008975 rev 5. POST is matched in the http_method buffer (nocase) instead of the raw
# payload; the doubled header name is matched in http_header and then confirmed by a pcre with
# flags H (HTTP header buffer), m (multi-line) and i (case-insensitive).
# The pcre expects, on the "Accept: Accept:" line, digits followed by ", ", a "/", and two
# comma-separated tokens.
# NOTE(review): [A-z] also spans the punctuation between 'Z' and 'a' ([ \ ] ^ _ `), and the
# pattern contains an unescaped "/" inside the delimiters -- confirm how the engine parses it.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST"; nocase; http_method; content:"Accept|3a| Accept|3a| "; http_header; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/Hmi"; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:5;)

Added 2012-03-16 17:34:09 UTC


# sid 2008975 rev 4. "POST" must be the first four bytes of the inspected payload (depth:4,
# case-sensitive); "Accept: Accept: " is matched in http_header and confirmed by the /Hmi pcre.
# This snapshot lists the reference before classtype; the detection keywords are the same as in
# the other rev 4 entries.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST"; depth:4; content:"Accept|3a| Accept|3a| "; http_header; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/Hmi"; reference:url,doc.emergingthreats.net/2008975; classtype:trojan-activity; sid:2008975; rev:4;)

Added 2011-10-12 19:26:20 UTC


# sid 2008975 rev 4. Same detection keywords as the other rev 4 snapshots: raw "POST" at
# depth 4, "Accept: Accept: " in http_header, and the /Hmi pcre on the header buffer.
# Only the metadata differs: classtype precedes a single doc.emergingthreats.net reference.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST"; depth:4; content:"Accept|3a| Accept|3a| "; http_header; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/Hmi"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008975; sid:2008975; rev:4;)

Added 2011-09-14 22:39:44 UTC


# sid 2008975 rev 4, earliest rev 4 snapshot. Compared with rev 3 the doubled header name is
# matched in the http_header buffer and the pcre flag set changes from /smi to /Hmi, so both
# tests run against parsed HTTP headers instead of the raw payload.
# Carries two references, including the cvsweb TROJAN_General URL.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST"; depth:4; content:"Accept|3a| Accept|3a| "; http_header; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/Hmi"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008975; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2008975; rev:4;)

Added 2011-02-04 17:28:13 UTC


# sid 2008975 rev 3. Pure payload rule (no HTTP buffers): "POST " within the first five bytes,
# then CRLF + "Accept: Accept: " anywhere in the payload, then the /smi pcre on the payload.
# Adds the two reference URLs; the detection keywords are the same as in rev 2.
# NOTE(review): [A-z] in the pcre also spans the punctuation between 'Z' and 'a'.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a|Accept\: Accept\: "; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/smi"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008975; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2008975; rev:3;)

Added 2009-02-12 18:21:16 UTC


# sid 2008975 rev 3, repeated snapshot with the same rule text and timestamp.
# Every content here is case-sensitive and matched on the raw payload; only the pcre is
# case-insensitive (flag i), and "^" can match at any line start because of flag m.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a|Accept\: Accept\: "; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/smi"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008975; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2008975; rev:3;)

Added 2009-02-12 18:21:16 UTC


# sid 2008975 rev 2. Payload rule: "POST " in the first five bytes, CRLF + "Accept: Accept: "
# in the payload, and a /smi pcre requiring digits, ", ", "/", and two comma-separated tokens
# on the doubled-Accept line. No reference keywords in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a|Accept\: Accept\: "; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/smi"; classtype:trojan-activity; sid:2008975; rev:2;)

Added 2009-01-09 14:00:22 UTC


# sid 2008975 rev 2, repeated snapshot with the same rule text and timestamp.
# The "\:" in the second content is an escaped colon; the pcre spells the same colon as \x3A.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a|Accept\: Accept\: "; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/smi"; classtype:trojan-activity; sid:2008975; rev:2;)

Added 2009-01-09 14:00:22 UTC


# sid 2008975 rev 1 (2009-01-09 text). Replaces the original "within:200" proximity test with a
# pcre on the doubled-Accept line and renames the msg to attribute the traffic to
# Trojan-PWS.Win32.QQPass ("Likely"). Still labelled rev:1, like the 2009-01-04 entry.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a|Accept\: Accept\: "; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/smi"; classtype:trojan-activity; sid:2008975; rev:1;)

Added 2009-01-09 10:15:23 UTC


# sid 2008975 rev 1, repeated snapshot with the same rule text and timestamp.
# Raw-payload rule: "POST " at depth 5, CRLF + "Accept: Accept: ", then the /smi pcre.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a|Accept\: Accept\: "; pcre:"/^Accept\x3A\sAccept\x3A[^\r\n]*\d+,\s/[A-z0-9\.]+,\s[A-z0-9\.]+/smi"; classtype:trojan-activity; sid:2008975; rev:1;)

Added 2009-01-09 10:15:23 UTC


# sid 2008975, first recorded text (rev 1). Alerts on an established client-to-server flow whose
# payload starts with "POST " (depth:5) and has CRLF + "Accept: Accept: " within the 200 bytes
# that follow that match (within:200). No pcre, no references, and a generic
# "Likely Trojan Activity" msg.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HTTP Post with Double Accept header - Likely Trojan Activity"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a|Accept\: Accept\: "; within:200; classtype:trojan-activity; sid:2008975; rev:1;)

Added 2009-01-04 08:15:22 UTC

