alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dyreza RAT Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"_W"; http_uri; content:"|2e|"; distance:6; within:1; http_uri; content:"/replace/"; http_uri; fast_pattern; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,4d1d43789e038c6a03c07083ca0b0809; reference:url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/; classtype:trojan-activity; sid:2018749; rev:7; metadata:created_at 2014_07_21, former_category MALWARE, updated_at 2020_11_19;)

Added 2020-11-19 18:26:20 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dyreza RAT Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"_W"; http_uri; content:"|2e|"; distance:6; within:1; http_uri; content:"/replace/"; http_uri; fast_pattern; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,4d1d43789e038c6a03c07083ca0b0809; reference:url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/; classtype:trojan-activity; sid:2018749; rev:7; metadata:created_at 2014_07_21, former_category MALWARE, updated_at 2020_08_19;)

Added 2020-08-19 18:14:23 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dyreza RAT Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"_W"; http_uri; content:"|2e|"; distance:6; within:1; http_uri; content:"/replace/"; http_uri; fast_pattern; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,4d1d43789e038c6a03c07083ca0b0809; reference:url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/; classtype:trojan-activity; sid:2018749; rev:7; metadata:created_at 2014_07_21, former_category MALWARE, updated_at 2019_10_07;)

Added 2020-08-05 19:09:59 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dyreza RAT Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"_W"; http_uri; content:"|2e|"; distance:6; within:1; http_uri; content:"/replace/"; http_uri; fast_pattern:only; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; metadata: former_category MALWARE; reference:md5,4d1d43789e038c6a03c07083ca0b0809; reference:url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/; classtype:trojan-activity; sid:2018749; rev:6; metadata:created_at 2014_07_21, updated_at 2019_10_07;)

Added 2019-10-07 19:58:46 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dyreza RAT Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"_W"; http_uri; content:"|2e|"; distance:6; within:1; http_uri; content:"/replace/"; http_uri; fast_pattern:only; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; metadata: former_category MALWARE; reference:md5,4d1d43789e038c6a03c07083ca0b0809; reference:url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/; classtype:trojan-activity; sid:2018749; rev:6; metadata:created_at 2014_07_21, updated_at 2014_07_21;)

Added 2019-09-26 19:57:40 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dyreza RAT Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"_W"; http_uri; content:"|2e|"; distance:6; within:1; http_uri; content:"/replace/"; http_uri; fast_pattern:only; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,4d1d43789e038c6a03c07083ca0b0809; reference:url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/; classtype:trojan-activity; sid:2018749; rev:6; metadata:created_at 2014_07_21, updated_at 2014_07_21;)

Added 2018-09-13 19:48:59 UTC


Added 2018-09-13 17:58:48 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dyreza RAT Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"_W"; http_uri; content:"|2e|"; distance:6; within:1; http_uri; content:"/replace/"; http_uri; fast_pattern:only; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,4d1d43789e038c6a03c07083ca0b0809; reference:url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/; classtype:trojan-activity; sid:2018749; rev:6; metadata:created_at 2014_07_21, updated_at 2014_07_21;)

Added 2017-08-07 21:12:53 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Androm.dtrv Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"_W"; http_uri; content:"|2e|"; distance:6; within:1; http_uri; content:"/replace/"; http_uri; fast_pattern:only; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,4d1d43789e038c6a03c07083ca0b0809; classtype:trojan-activity; sid:2018749; rev:5;)

Added 2014-07-23 16:28:52 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Androm.dtrv Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"/cho"; depth:4; http_uri; content:"/replace/"; http_uri; fast_pattern:only; content:!"Accept|3a|"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,4d1d43789e038c6a03c07083ca0b0809; classtype:trojan-activity; sid:2018749; rev:3;)

Added 2014-07-21 18:45:23 UTC


Topic revision: r1 - 2020-11-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats