alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Fake UA CnC? Beacon"; flow:established,to_server; content:"POST"; http_method; content:".asp"; http_uri; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"Mozilla/4.0 (compatible|3b 20|MSIE 6.0|3b 20|Windows NT 5.0|3b 20|.NET CLR 1.1.4322|29|"; http_user_agent; depth:69; isdataat:!1,relative; fast_pattern; metadata: former_category MALWARE; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020925; rev:4; metadata:created_at 2015_04_15, updated_at 2019_10_11;)

Added 2019-10-11 19:56:38 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Fake UA CnC? Beacon"; flow:established,to_server; content:"POST"; http_method; content:".asp"; http_uri; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| .NET CLR 1.1.4322|29 0d 0a|"; http_header; fast_pattern:63,20; metadata: former_category MALWARE; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020925; rev:3; metadata:created_at 2015_04_15, updated_at 2015_04_15;)

Added 2019-09-19 19:26:19 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Fake UA CnC? Beacon"; flow:established,to_server; content:"POST"; http_method; content:".asp"; http_uri; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| .NET CLR 1.1.4322|29 0d 0a|"; http_header; fast_pattern:63,20; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020925; rev:3; metadata:created_at 2015_04_15, updated_at 2015_04_15;)

Added 2018-09-13 19:51:02 UTC


Added 2018-09-13 17:59:57 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Fake UA CnC? Beacon"; flow:established,to_server; content:"POST"; http_method; content:".asp"; http_uri; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| .NET CLR 1.1.4322|29 0d 0a|"; http_header; fast_pattern:63,20; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020925; rev:3; metadata:created_at 2015_04_15, updated_at 2015_04_15;)

Added 2017-08-07 21:15:31 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Fake UA CnC? Beacon"; flow:established,to_server; content:"POST"; http_method; content:".asp"; http_uri; content:!"Accept-"; http_header; content:!"Referer|3a|"; http_header; content:!"Content-Type|3a|"; http_header; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| .NET CLR 1.1.4322|29 0d 0a|"; http_header; fast_pattern:63,20; reference:url,researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/; classtype:trojan-activity; sid:2020925; rev:3;)

Added 2015-04-15 21:01:48 UTC


Topic revision: r1 - 2019-10-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats