alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Connectivity Check"; flow:established,to_server; content:"POST"; http_method; content:"/STTip.asp"; http_uri; fast_pattern; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"Content-Length|3a 20|0|0d 0a|"; http_header; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020924; rev:2; metadata:created_at 2015_04_15, updated_at 2020_05_21;)

Added 2020-05-21 18:23:04 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Connectivity Check"; flow:established,to_server; content:"POST"; http_method; content:"/STTip.asp"; http_uri; fast_pattern; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"Content-Length|3a 20|0|0d 0a|"; http_header; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020924; rev:2; metadata:created_at 2015_04_15, updated_at 2015_04_15;)

Added 2018-09-13 19:51:02 UTC


Added 2018-09-13 17:59:57 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Connectivity Check"; flow:established,to_server; content:"POST"; http_method; content:"/STTip.asp"; http_uri; fast_pattern; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"Content-Length|3a 20|0|0d 0a|"; http_header; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020924; rev:2; metadata:created_at 2015_04_15, updated_at 2015_04_15;)

Added 2017-08-07 21:15:31 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Connectivity Check"; flow:established,to_server; content:"POST"; http_method; content:"/STTip.asp"; http_uri; fast_pattern; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"Content-Length|3a 20|0|0d 0a|"; http_header; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020924; rev:2;)

Added 2015-04-15 21:01:48 UTC


Topic revision: r1 - 2020-05-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats