alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Sharik/Smoke Loader Microsoft Connectivity check"; flow:established,to_server; content:"GET"; http_method; content:"/kb/"; http_uri; depth:4; fast_pattern; pcre:"/^\d{4,8}$/UR"; http_header_names; content:!"Referer"; content:"User-Agent"; content:!"Accept"; metadata: former_category TROJAN; reference:md5,7e604b9e059d054d58c91330d4d88c62; classtype:trojan-activity; sid:2025120; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Smoke_Loader, signature_severity Major, created_at 2017_12_05, updated_at 2017_12_05;)

Added 2017-12-06 16:36:38 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Sharik/Smoke Loader Microsoft Connectivity check"; flow:established,to_server; content:"GET"; http_method; content:"/kb/"; http_uri; depth:4; fast_pattern; pcre:"/^\d{4,8}$/UR"; http_header_names; content:!"Referer"; content:!"Accept"; metadata: former_category TROJAN; reference:md5,7e604b9e059d054d58c91330d4d88c62; classtype:trojan-activity; sid:2025120; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Smoke_Loader, signature_severity Major, created_at 2017_12_05, updated_at 2017_12_05;)

Added 2017-12-05 16:50:38 UTC


Topic revision: r1 - 2017-12-06 - TWikiGuest
 
Copyright © Emerging Threats