# sid:2020885 rev:3 -- current published text (metadata updated_at 2020_05_21).
#
# Purpose: alert on a cleartext HTTP request from $HOME_NET to $EXTERNAL_NET
# that matches the download pattern the rule attributes to Kriptovor (see the
# reference:url write-up and the reference:md5 sample hash in the rule).
#
# All of the following must hold for the rule to fire:
#   - flow:established,to_server      client-to-server side of an established session
#   - content:"GET"; http_method      request method is GET
#   - content:".rar"; http_uri plus pcre:"/\.rar$/U"
#                                     normalized URI ends in ".rar"; the content match
#                                     is the cheap pre-check, the pcre adds the end anchor
#   - content:!"Referer|3a|" and content:!"Connection|3a|" (http_header)
#                                     neither header is present in the request
#   - the 94-byte User-Agent literal; depth:94 equals the literal's length, so it
#                                     must sit at the very start of the User-Agent buffer
#   - fast_pattern:74,20              prefilter uses the last 20 bytes of that literal
#                                     (" YFF35 Firefox/3.6.3")
#
# NOTE(review): nothing anchors the END of the User-Agent match, so a longer
# User-Agent that merely begins with this string also matches -- confirm that
# is intended before relying on it as an exact-match indicator.
# NOTE(review): the rule only sees HTTP the sensor can parse in the clear; the
# same request inside TLS is not inspected unless traffic is decrypted upstream.
# NOTE(review): the User-Agent is a static indicator taken from 2015 reporting.
# When triaging a hit, pivot on the destination host, the retrieved .rar object
# and the reference md5 rather than treating the alert alone as confirmation.
# Keyword order matters: each http_* modifier, depth and fast_pattern applies to
# the content keyword immediately before it -- do not reorder when editing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor Retrieving RAR Payload"; flow:established,to_server; content:"GET"; http_method; content:".rar"; http_uri; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| en-us|3b| rv:1.9.2.3) Gecko/20100401 YFF35 Firefox/3.6.3"; depth:94; http_user_agent; fast_pattern:74,20; pcre:"/\.rar$/U"; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,c3ab87f85ca07a7d026d3cbd54029bbe; classtype:trojan-activity; sid:2020885; rev:3; metadata:created_at 2015_04_09, updated_at 2015_04_09;)

Added 2020-05-21 18:23:03 UTC


# sid:2020885 rev:3 -- earlier published text (metadata updated_at 2015_04_09).
# Detection keywords: outbound HTTP GET, URI ending in ".rar", no Referer and no
# Connection header, and the fixed 94-byte Firefox/3.6.3 "YFF35" User-Agent
# anchored at the start of the buffer by depth:94.
# NOTE(review): this entry carries the same rev:3 as the other entries on the
# page even though the metadata keyword differs between them, so sid+rev alone
# does not identify which text a sensor has loaded -- compare the full rule
# text when auditing a deployed ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor Retrieving RAR Payload"; flow:established,to_server; content:"GET"; http_method; content:".rar"; http_uri; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| en-us|3b| rv:1.9.2.3) Gecko/20100401 YFF35 Firefox/3.6.3"; depth:94; http_user_agent; fast_pattern:74,20; pcre:"/\.rar$/U"; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,c3ab87f85ca07a7d026d3cbd54029bbe; classtype:trojan-activity; sid:2020885; rev:3; metadata:created_at 2015_04_09, updated_at 2015_04_09;)

Added 2018-09-13 19:50:59 UTC


Added 2018-09-13 17:59:56 UTC


# sid:2020885 rev:3 -- historical entry with metadata created_at/updated_at
# both 2015_04_09.
# Fires on an established client-to-server HTTP GET whose normalized URI ends in
# ".rar" (content pre-check + pcre /\.rar$/U), that has neither a Referer nor a
# Connection header, and whose User-Agent begins with the 94-byte literal below;
# fast_pattern:74,20 picks the trailing " YFF35 Firefox/3.6.3" for the prefilter.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor Retrieving RAR Payload"; flow:established,to_server; content:"GET"; http_method; content:".rar"; http_uri; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| en-us|3b| rv:1.9.2.3) Gecko/20100401 YFF35 Firefox/3.6.3"; depth:94; http_user_agent; fast_pattern:74,20; pcre:"/\.rar$/U"; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,c3ab87f85ca07a7d026d3cbd54029bbe; classtype:trojan-activity; sid:2020885; rev:3; metadata:created_at 2015_04_09, updated_at 2015_04_09;)

Added 2017-08-07 21:15:29 UTC


# sid:2020885 rev:3 -- oldest entry on the page; it has no metadata keyword.
# Match conditions: established to_server HTTP GET, URI ending in ".rar",
# Referer and Connection headers both absent, and the fixed Firefox/3.6.3
# "YFF35" User-Agent at offset 0 of the User-Agent buffer (depth:94 equals the
# literal's length). The reference:url and reference:md5 keywords point to the
# write-up and sample the signature was built from.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor Retrieving RAR Payload"; flow:established,to_server; content:"GET"; http_method; content:".rar"; http_uri; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| en-us|3b| rv:1.9.2.3) Gecko/20100401 YFF35 Firefox/3.6.3"; depth:94; http_user_agent; fast_pattern:74,20; pcre:"/\.rar$/U"; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,c3ab87f85ca07a7d026d3cbd54029bbe; classtype:trojan-activity; sid:2020885; rev:3;)

Added 2015-04-09 19:04:36 UTC


