alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor External IP Lookup checkip.dyndns.org"; flow:established,to_server; content:"GET"; http_method; urilen:1; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Host|3a 20|checkip.dyndns.org|0d 0a|"; depth:26; http_header; fast_pattern; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 5.1|3b| en-US|3b| rv:x.xx) Gecko/20030504 Mozilla Firebird/0.6"; depth:92; http_user_agent; metadata: former_category MALWARE; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,00e3b69b18bfad7980c1621256ee10fa; classtype:trojan-activity; sid:2020886; rev:4; metadata:created_at 2015_04_09, updated_at 2020_05_21;)

Added 2020-05-21 18:23:03 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor External IP Lookup checkip.dyndns.org"; flow:established,to_server; content:"GET"; http_method; urilen:1; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Host|3a 20|checkip.dyndns.org|0d 0a|"; depth:26; http_header; fast_pattern; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 5.1|3b| en-US|3b| rv:x.xx) Gecko/20030504 Mozilla Firebird/0.6"; depth:92; http_user_agent; metadata: former_category MALWARE; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,00e3b69b18bfad7980c1621256ee10fa; classtype:trojan-activity; sid:2020886; rev:4; metadata:created_at 2015_04_09, updated_at 2015_04_09;)

Added 2019-09-26 19:57:58 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor External IP Lookup checkip.dyndns.org"; flow:established,to_server; content:"GET"; http_method; urilen:1; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Host|3a 20|checkip.dyndns.org|0d 0a|"; depth:26; http_header; fast_pattern; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 5.1|3b| en-US|3b| rv:x.xx) Gecko/20030504 Mozilla Firebird/0.6"; depth:92; http_user_agent; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,00e3b69b18bfad7980c1621256ee10fa; classtype:trojan-activity; sid:2020886; rev:4; metadata:created_at 2015_04_09, updated_at 2015_04_09;)

Added 2018-09-13 19:50:59 UTC


Added 2018-09-13 17:59:56 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor External IP Lookup checkip.dyndns.org"; flow:established,to_server; content:"GET"; http_method; urilen:1; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Host|3a 20|checkip.dyndns.org|0d 0a|"; depth:26; http_header; fast_pattern; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 5.1|3b| en-US|3b| rv:x.xx) Gecko/20030504 Mozilla Firebird/0.6"; depth:92; http_user_agent; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,00e3b69b18bfad7980c1621256ee10fa; classtype:trojan-activity; sid:2020886; rev:4; metadata:created_at 2015_04_09, updated_at 2015_04_09;)

Added 2017-08-07 21:15:29 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor External IP Lookup checkip.dyndns.org"; flow:established,to_server; content:"GET"; http_method; urilen:1; content:!"Referer|3a|"; http_header; content:!"Connection|3a|"; http_header; content:"Host|3a 20|checkip.dyndns.org|0d 0a|"; depth:26; http_header; fast_pattern; content:"Mozilla/5.0 (Windows|3b| U|3b| Windows NT 5.1|3b| en-US|3b| rv:x.xx) Gecko/20030504 Mozilla Firebird/0.6"; depth:92; http_user_agent; reference:url,fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html; reference:md5,00e3b69b18bfad7980c1621256ee10fa; classtype:trojan-activity; sid:2020886; rev:4;)

Added 2015-04-09 19:04:36 UTC



Topic revision: r1 - 2020-05-21 - TWikiGuest
Copyright © Emerging Threats