# ET sid:2016251 rev:6 (entry dated 2021-09-13): alerts on a client-to-server
# HTTP GET from $HOME_NET to $EXTERNAL_NET on an established flow that matches
# the Win32/Emold.C check-in request shape.
# URI: ".php?v=" (the fast_pattern) followed by "&rs=" and then "&n=", each
#   required after the previous match by distance:0. The pcre (U = normalized
#   URI, i = caseless) tightens this to v=<digits>&rs=<digits, optionally
#   preceded by three "<digits>-" groups>&n=<digit>.
# User-Agent must contain "Windows NT 5."; clients reporting any other Windows
#   version string are outside this signature's coverage.
# http_header_names + content:!"Referer": the request must carry no header whose
#   name contains "Referer" (substring match on the header-name buffer).
# This entry carries the sample hash as reference:md5, where the older rev:6
#   entries on this page use a threatexpert.com report URL. rev stayed at 6, so
#   compare full rule text, not sid/rev alone, when diffing rule sets.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?v="; http_uri; fast_pattern; content:"&rs="; distance:0; http_uri; content:"&n="; distance:0; http_uri; content:"Windows NT 5."; http_user_agent; pcre:"/\.php\?v\x3d\d+?\x26rs\x3d(?:(?:\d+?\x2d){3})?\d+?\x26n\x3d\d/Ui"; http_header_names; content:!"Referer"; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C; reference:md5,49205774f0ff7605c226828e080238f3; classtype:trojan-activity; sid:2016251; rev:6; metadata:created_at 2011_10_19, former_category MALWARE, updated_at 2020_08_18;)

Added 2021-09-13 18:07:04 UTC


# ET sid:2016251 rev:6 (entry dated 2020-08-18): outbound HTTP GET whose URI has
# ".php?v=" -> "&rs=" -> "&n=" in that order (distance:0), confirmed by the pcre
# against the normalized URI, with "Windows NT 5." in the User-Agent and no
# "Referer" in the request's header names.
# Detection keywords are identical to the 2020-08-05 entry that follows on this
# page; only metadata updated_at changed (2011_10_19 -> 2020_08_18), and rev was
# not incremented.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?v="; http_uri; fast_pattern; content:"&rs="; distance:0; http_uri; content:"&n="; distance:0; http_uri; content:"Windows NT 5."; http_user_agent; pcre:"/\.php\?v\x3d\d+?\x26rs\x3d(?:(?:\d+?\x2d){3})?\d+?\x26n\x3d\d/Ui"; http_header_names; content:!"Referer"; reference:url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C; classtype:trojan-activity; sid:2016251; rev:6; metadata:created_at 2011_10_19, former_category MALWARE, updated_at 2020_08_18;)

Added 2020-08-18 17:53:53 UTC


# ET sid:2016251 rev:6 (entry dated 2020-08-05): outbound HTTP GET whose URI has
# ".php?v=" -> "&rs=" -> "&n=" in that order (distance:0), confirmed by the pcre
# against the normalized URI, with "Windows NT 5." in the User-Agent and no
# "Referer" in the request's header names.
# Relative to the 2019-09-26 entry that follows on this page, the separate
# "metadata: former_category MALWARE;" keyword is folded into the single trailing
# metadata keyword; the match conditions are unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?v="; http_uri; fast_pattern; content:"&rs="; distance:0; http_uri; content:"&n="; distance:0; http_uri; content:"Windows NT 5."; http_user_agent; pcre:"/\.php\?v\x3d\d+?\x26rs\x3d(?:(?:\d+?\x2d){3})?\d+?\x26n\x3d\d/Ui"; http_header_names; content:!"Referer"; reference:url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C; classtype:trojan-activity; sid:2016251; rev:6; metadata:created_at 2011_10_19, former_category MALWARE, updated_at 2011_10_19;)

Added 2020-08-05 19:08:45 UTC


# ET sid:2016251 rev:6 (entry dated 2019-09-26): outbound HTTP GET whose URI has
# ".php?v=" -> "&rs=" -> "&n=" in that order (distance:0), confirmed by the pcre
# against the normalized URI, with "Windows NT 5." in the User-Agent and no
# "Referer" in the request's header names.
# This entry has two metadata keywords: "former_category MALWARE" placed right
# after the Referer check, and created_at/updated_at at the end of the rule.
# The former_category tag is the only addition over the 2018-09-13 rev:6 entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?v="; http_uri; fast_pattern; content:"&rs="; distance:0; http_uri; content:"&n="; distance:0; http_uri; content:"Windows NT 5."; http_user_agent; pcre:"/\.php\?v\x3d\d+?\x26rs\x3d(?:(?:\d+?\x2d){3})?\d+?\x26n\x3d\d/Ui"; http_header_names; content:!"Referer"; metadata: former_category MALWARE; reference:url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C; classtype:trojan-activity; sid:2016251; rev:6; metadata:created_at 2011_10_19, updated_at 2011_10_19;)

Added 2019-09-26 19:57:17 UTC


# ET sid:2016251 rev:6 (entry dated 2018-09-13): first rev:6 text on this page.
# Matches an outbound HTTP GET whose URI has ".php?v=" -> "&rs=" -> "&n=" in that
# order (distance:0), confirmed by the pcre against the normalized URI.
# Change from the rev:5 text further down the page: "Windows NT 5." is now
# matched in the User-Agent buffer (http_user_agent) instead of anywhere in the
# headers, and the missing-Referer condition is checked against header names
# (http_header_names; content:!"Referer") instead of content:!"Referer|3a|" in
# http_header. The header-name check is a substring match, so any header whose
# name contains "Referer" also suppresses the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?v="; http_uri; fast_pattern; content:"&rs="; distance:0; http_uri; content:"&n="; distance:0; http_uri; content:"Windows NT 5."; http_user_agent; pcre:"/\.php\?v\x3d\d+?\x26rs\x3d(?:(?:\d+?\x2d){3})?\d+?\x26n\x3d\d/Ui"; http_header_names; content:!"Referer"; reference:url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C; classtype:trojan-activity; sid:2016251; rev:6; metadata:created_at 2011_10_19, updated_at 2011_10_19;)

Added 2018-09-13 19:46:12 UTC


Added 2018-09-13 17:57:14 UTC


# ET sid:2016251 rev:5 (entry dated 2017-08-07): outbound HTTP GET whose URI has
# ".php?v=" (fast_pattern) -> "&rs=" -> "&n=" in that order (distance:0), with
# the pcre (U = normalized URI, i = caseless) enforcing
# v=<digits>&rs=<digits, optionally preceded by three "<digits>-" groups>&n=<digit>.
# "Windows NT 5." is matched with http_header, i.e. anywhere in the request
# headers rather than only in User-Agent, and content:!"Referer|3a|" requires
# that "Referer:" (|3a| is ':') is absent from those headers.
# Change from the rev:4 text below: the header is "alert http ... any" instead of
# "alert tcp ... $HTTP_PORTS", so the match is no longer limited to the ports in
# $HTTP_PORTS; created_at/updated_at metadata is also added.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?v="; http_uri; fast_pattern; content:"&rs="; distance:0; http_uri; content:"&n="; distance:0; http_uri; content:"Windows NT 5."; http_header; content:!"Referer|3a|"; http_header; pcre:"/\.php\?v\x3d\d+?\x26rs\x3d(?:(?:\d+?\x2d){3})?\d+?\x26n\x3d\d/Ui"; reference:url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C; classtype:trojan-activity; sid:2016251; rev:5; metadata:created_at 2011_10_19, updated_at 2011_10_19;)

Added 2017-08-07 21:09:57 UTC


# ET sid:2016251 rev:4 (entry dated 2014-03-17): TCP rule scoped to destination
# ports in $HTTP_PORTS, so the same request sent to a port outside that variable
# is not inspected by this revision.
# Matches a GET whose URI has ".php?v=" (fast_pattern) -> "&rs=" -> "&n=" in that
# order (distance:0), with "Windows NT 5." somewhere in the request headers and
# no "Referer:" header (content:!"Referer|3a|"; http_header).
# Change from the rev:3 text below: the URI anchor is generalized from
# "/ld.php?v=" to ".php?v=", and the GET method, "Windows NT 5." and
# missing-Referer conditions are added to offset the broader URI match. The pcre
# switches to lazy quantifiers and non-capturing groups.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?v="; http_uri; fast_pattern; content:"&rs="; distance:0; http_uri; content:"&n="; distance:0; http_uri; content:"Windows NT 5."; http_header; content:!"Referer|3a|"; http_header; pcre:"/\.php\?v\x3d\d+?\x26rs\x3d(?:(?:\d+?\x2d){3})?\d+?\x26n\x3d\d/Ui"; reference:url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C; classtype:trojan-activity; sid:2016251; rev:4;)

Added 2014-03-17 18:18:46 UTC


# ET sid:2016251 rev:3 (entry dated 2013-01-23): oldest text on this page. TCP
# rule scoped to destination ports in $HTTP_PORTS, client-to-server on an
# established flow.
# Matches on the URI only: the literal script path "/ld.php?v=" plus "&rs=" and
# "&n=" (no distance, so the three content matches are order-independent), with
# the pcre (U = normalized URI, i = caseless) enforcing the order
# /ld.php?v=<digits>&rs=<digits, optionally preceded by three "<digits>-" groups>&n=<digit>.
# This revision has no HTTP method, User-Agent or Referer condition and no
# explicit fast_pattern; it depends on the fixed "ld.php" file name.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"/ld.php?v="; http_uri; content:"&rs="; http_uri; content:"&n="; http_uri; pcre:"/\/ld\.php\?v\x3d\d+\x26rs\x3d((\d+\x2d){3})?\d+\x26n\x3d\d/Ui"; reference:url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C; classtype:trojan-activity; sid:2016251; rev:3;)

Added 2013-01-23 21:43:53 UTC

