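# sid:2020892 rev:4 (metadata updated_at 2020_05_21)
# Purpose (per msg): possible malicious document retrieving Dridex from pastebin.
# All of the following must hold for the alert to fire:
#   - established client-to-server flow from $HOME_NET to $EXTERNAL_NET, HTTP method GET
#   - URI starts with "/raw.php?i=" (11 bytes, depth:11); this is also the fast_pattern
#   - the request carries no "Referer:" header (negated content)
#   - the headers contain "Host: pastebin.com" followed by CRLF
#   - User-Agent starts with the 57-byte WinHTTP default string (depth:57)
# NOTE: keep the dotted "WinHttp.WinHttpRequest.5" intact. Wiki auto-linking renders it as
# "WinHttpRequest?.5", which shortens the pattern to 50 bytes, so it no longer matches the
# User-Agent that depth:57 is sized for.
# Triage: this User-Agent is the default of the WinHttp.WinHttpRequest.5.1 COM object, which
# legitimate scripts also use, hence "Possible"; confirm on the host which process or document
# issued the request.
# Coverage: "alert http" only sees parsed HTTP, so the same retrieval over TLS is not detected
# by this rule unless traffic is decrypted upstream of the sensor.
# reference:md5 is the sample hash attached to the rule; presumably the sample it was written against.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Maldoc Retrieving Dridex from pastebin"; flow:established,to_server; content:"GET"; http_method; content:"/raw.php?i="; depth:11; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"Host|3a 20|pastebin.com|0d 0a|"; http_header; content:"Mozilla/4.0 (compatible|3b| Win32|3b| WinHttp.WinHttpRequest.5)"; depth:57; http_user_agent; reference:md5,07523de32e43f67b1bbd5edc87803d5c; classtype:trojan-activity; sid:2020892; rev:4; metadata:created_at 2015_04_10, updated_at 2020_05_21;)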

Added 2020-05-21 18:23:03 UTC


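# sid:2020892 rev:4, history snapshot (metadata updated_at 2015_04_10)
# Alerts on a cleartext HTTP GET from $HOME_NET to pastebin.com whose URI starts with
# "/raw.php?i=" (depth:11, fast_pattern), that has no "Referer:" header, and whose
# User-Agent starts with the 57-byte WinHTTP default string (depth:57).
# NOTE: the User-Agent content must read "WinHttp.WinHttpRequest.5". The wiki's auto-linked
# form "WinHttpRequest?.5" is only 50 bytes and does not match the real header.
# The metadata keyword carries no detection logic; only the updated_at value is specific to
# this snapshot.
# Limits: HTTP-only visibility (no match on TLS without decryption), and the User-Agent is
# shared by legitimate WinHTTP-based scripts, so treat a hit as a lead to verify on the endpoint.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Maldoc Retrieving Dridex from pastebin"; flow:established,to_server; content:"GET"; http_method; content:"/raw.php?i="; depth:11; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"Host|3a 20|pastebin.com|0d 0a|"; http_header; content:"Mozilla/4.0 (compatible|3b| Win32|3b| WinHttp.WinHttpRequest.5)"; depth:57; http_user_agent; reference:md5,07523de32e43f67b1bbd5edc87803d5c; classtype:trojan-activity; sid:2020892; rev:4; metadata:created_at 2015_04_10, updated_at 2015_04_10;)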

Added 2018-09-13 19:51:00 UTC


Added 2018-09-13 17:59:56 UTC


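# sid:2020892 rev:4, history snapshot (metadata created_at / updated_at both 2015_04_10)
# Detection logic, every condition required:
#   GET request on an established to_server flow, $HOME_NET -> $EXTERNAL_NET
#   http_uri begins "/raw.php?i=" (depth:11; fast_pattern)
#   http_header lacks "Referer:" and contains "Host: pastebin.com" + CRLF
#   http_user_agent begins "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" (57 bytes, depth:57)
# NOTE: the wiki's rendering drops the "WinHttp." prefix and inserts "?" into the User-Agent
# content. The full dotted string is required for the pattern to match the WinHTTP default
# User-Agent.
# Analyst caveats: the rule does not see HTTPS requests, and the WinHTTP default User-Agent is
# not unique to malicious documents; correlate with endpoint telemetry before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Maldoc Retrieving Dridex from pastebin"; flow:established,to_server; content:"GET"; http_method; content:"/raw.php?i="; depth:11; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"Host|3a 20|pastebin.com|0d 0a|"; http_header; content:"Mozilla/4.0 (compatible|3b| Win32|3b| WinHttp.WinHttpRequest.5)"; depth:57; http_user_agent; reference:md5,07523de32e43f67b1bbd5edc87803d5c; classtype:trojan-activity; sid:2020892; rev:4; metadata:created_at 2015_04_10, updated_at 2015_04_10;)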

Added 2017-08-07 21:15:29 UTC


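# sid:2020892 rev:4, earliest snapshot on this page (no metadata keyword)
# Fires on an HTTP GET to pastebin.com for a URI starting "/raw.php?i=" (depth:11, fast_pattern),
# sent without a "Referer:" header and with a User-Agent that starts with the 57-byte WinHTTP
# default string (depth:57). Together these indicate a scripted, non-browser fetch of a raw paste.
# NOTE: the User-Agent pattern must be "WinHttp.WinHttpRequest.5". The wiki renders it as
# "WinHttpRequest?.5", which is 50 bytes and does not match the header that depth:57 is sized for.
# Caveats: parsed-HTTP visibility only (TLS requests are missed unless decrypted), and
# legitimate automation using the WinHTTP COM object sends the same User-Agent, so a hit needs
# host-side confirmation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Maldoc Retrieving Dridex from pastebin"; flow:established,to_server; content:"GET"; http_method; content:"/raw.php?i="; depth:11; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; content:"Host|3a 20|pastebin.com|0d 0a|"; http_header; content:"Mozilla/4.0 (compatible|3b| Win32|3b| WinHttp.WinHttpRequest.5)"; depth:57; http_user_agent; reference:md5,07523de32e43f67b1bbd5edc87803d5c; classtype:trojan-activity; sid:2020892; rev:4;)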

Added 2015-04-10 20:40:06 UTC



Copyright © Emerging Threats