# sid:2021632 rev:3 (current text) - outbound HTTP request shape associated with Sharik/Smoke C2 beaconing.
# The "?" in msg marks the family attribution as tentative; the only cited sample is the reference md5.
# All of the following must hold for one request from $HOME_NET to $EXTERNAL_NET:
#   - urilen:1: the request URI is a single byte (the request-line match below fixes it to "/").
#   - pcre with /P (request body): at most 20 printable-ASCII/CR/LF bytes followed by one byte outside that set,
#     i.e. the body turns binary within its first 21 bytes.
#   - http_request_line is exactly "POST / 1.1" (depth:10 plus isdataat:!1,relative leaves no room for more).
#     The "HTTP/" token of a well-formed request line is absent; this malformed line is also the fast_pattern.
#   - http_content_type is exactly "application/x-www-form-urlencoded" (depth:33 plus isdataat:!1,relative).
#   - http_header_names starts with Content-Type, then User-Agent (depth:28 covers exactly those two names),
#     and holds no name containing "Accept" and no Referer.
# Operational notes: the rule only sees cleartext HTTP that the engine has parsed, and the sticky buffers used
# (http_request_line, http_content_type, http_header_names) must be supported by the deployed Suricata version.
# NOTE(review): other clients that emit a malformed request line with a binary body could also match - triage
# hits against the host and the destination before treating them as a confirmed infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC? Beacon 3"; flow:established,to_server; urilen:1; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; http_request_line; content:"POST / 1.1"; depth:10; isdataat:!1,relative; fast_pattern; http_content_type; content:"application/x-www-form-urlencoded"; depth:33; isdataat:!1,relative; http_header_names; content:"|0d 0a|Content-Type|0d 0a|User-Agent|0d 0a|"; depth:28; content:!"Accept"; content:!"Referer|0d 0a|"; reference:md5,789ee114125a6e1db363b505a643c03d; classtype:trojan-activity; sid:2021632; rev:3; metadata:created_at 2015_08_14, former_category MALWARE, updated_at 2020_11_19;)

Added 2020-11-19 18:26:21 UTC


# sid:2021632 rev:3, history entry with metadata updated_at 2020_08_19.
# The match keywords and rev are the same as in the other rev:3 entries on this page; only updated_at differs.
# Because rev did not change with the metadata, sid+rev alone does not identify the exact rule text - compare
# the full line when checking which copy a sensor is running.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC? Beacon 3"; flow:established,to_server; urilen:1; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; http_request_line; content:"POST / 1.1"; depth:10; isdataat:!1,relative; fast_pattern; http_content_type; content:"application/x-www-form-urlencoded"; depth:33; isdataat:!1,relative; http_header_names; content:"|0d 0a|Content-Type|0d 0a|User-Agent|0d 0a|"; depth:28; content:!"Accept"; content:!"Referer|0d 0a|"; reference:md5,789ee114125a6e1db363b505a643c03d; classtype:trojan-activity; sid:2021632; rev:3; metadata:created_at 2015_08_14, former_category MALWARE, updated_at 2020_08_19;)

Added 2020-08-19 18:14:26 UTC


# sid:2021632 rev:3, history entry with metadata updated_at 2020_02_28.
# Here former_category sits inside a single metadata keyword (created_at, former_category, updated_at);
# the match keywords are the sticky-buffer form: exact http_request_line "POST / 1.1", exact http_content_type,
# http_header_names starting Content-Type then User-Agent, no Accept*/Referer, binary byte early in the body.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC? Beacon 3"; flow:established,to_server; urilen:1; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; http_request_line; content:"POST / 1.1"; depth:10; isdataat:!1,relative; fast_pattern; http_content_type; content:"application/x-www-form-urlencoded"; depth:33; isdataat:!1,relative; http_header_names; content:"|0d 0a|Content-Type|0d 0a|User-Agent|0d 0a|"; depth:28; content:!"Accept"; content:!"Referer|0d 0a|"; reference:md5,789ee114125a6e1db363b505a643c03d; classtype:trojan-activity; sid:2021632; rev:3; metadata:created_at 2015_08_14, former_category MALWARE, updated_at 2020_02_28;)

Added 2020-08-05 19:11:32 UTC


# sid:2021632 rev:3, first entry on this page that uses the sticky-buffer form (http_request_line,
# http_content_type, http_header_names) instead of the rev:2 raw-payload match.
# This copy carries two metadata keywords: "metadata: former_category MALWARE;" before reference, and
# "metadata:created_at ..., updated_at ...;" at the end. Tooling that reads only one metadata keyword per rule
# may miss one of the two sets of keys - NOTE(review): confirm how your rule manager handles repeated metadata.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC? Beacon 3"; flow:established,to_server; urilen:1; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; http_request_line; content:"POST / 1.1"; depth:10; isdataat:!1,relative; fast_pattern; http_content_type; content:"application/x-www-form-urlencoded"; depth:33; isdataat:!1,relative; http_header_names; content:"|0d 0a|Content-Type|0d 0a|User-Agent|0d 0a|"; depth:28; content:!"Accept"; content:!"Referer|0d 0a|"; metadata: former_category MALWARE; reference:md5,789ee114125a6e1db363b505a643c03d; classtype:trojan-activity; sid:2021632; rev:3; metadata:created_at 2015_08_14, updated_at 2020_02_28;)

Added 2020-02-28 20:04:03 UTC


# sid:2021632 rev:2 with "metadata: former_category MALWARE;" added as a separate metadata keyword.
# rev:2 match logic:
#   - content:"POST" with http_method, and urilen:1 for a one-byte URI.
#   - http_header contains neither "Accept" nor "Referer:" (|3a| is the colon).
#   - an unmodified content match (no HTTP buffer keyword) for the literal bytes
#     "POST / 1.1" CRLF "Content-Type: application/x-www-form-urlencoded" CRLF "User-Agent: ";
#     depth:73 equals the pattern length, so the pattern must sit at the very start of the inspected payload.
#     This is the fast_pattern.
#   - pcre with /P: a byte outside printable-ASCII/CR/LF within the first 21 bytes of the request body.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC? Beacon 3"; flow:established,to_server; urilen:1; content:"POST"; http_method; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"POST / 1.1|0d 0a|Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|User-Agent|3a 20|"; depth:73; fast_pattern; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; metadata: former_category MALWARE; reference:md5,789ee114125a6e1db363b505a643c03d; classtype:trojan-activity; sid:2021632; rev:2; metadata:created_at 2015_08_14, updated_at 2015_08_14;)

Added 2019-09-19 19:26:26 UTC


# sid:2021632 rev:2 with created_at/updated_at metadata and no former_category key.
# The fingerprint is the malformed request line "POST / 1.1" (no "HTTP/" token) followed directly by the
# Content-Type and User-Agent headers, matched as one 73-byte literal at the start of the payload, combined
# with the absence of Accept/Referer headers and a non-printable byte early in the request body.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC? Beacon 3"; flow:established,to_server; urilen:1; content:"POST"; http_method; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"POST / 1.1|0d 0a|Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|User-Agent|3a 20|"; depth:73; fast_pattern; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; reference:md5,789ee114125a6e1db363b505a643c03d; classtype:trojan-activity; sid:2021632; rev:2; metadata:created_at 2015_08_14, updated_at 2015_08_14;)

Added 2018-09-13 19:51:35 UTC


Added 2018-09-13 18:00:18 UTC


# sid:2021632 rev:2, first entry on this page that carries a metadata keyword (created_at and updated_at,
# both 2015_08_14). The match keywords are the rev:2 form: http_method POST, one-byte URI, no Accept/Referer
# in http_header, the 73-byte literal request prefix, and the /P body pcre.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC? Beacon 3"; flow:established,to_server; urilen:1; content:"POST"; http_method; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"POST / 1.1|0d 0a|Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|User-Agent|3a 20|"; depth:73; fast_pattern; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; reference:md5,789ee114125a6e1db363b505a643c03d; classtype:trojan-activity; sid:2021632; rev:2;  metadata:created_at 2015_08_14, updated_at 2015_08_14;)

Added 2017-08-07 21:16:20 UTC


# sid:2021632 rev:2, oldest entry on this page; it has no metadata keyword at all.
# Detection rests on one literal: "POST / 1.1" CRLF "Content-Type: application/x-www-form-urlencoded" CRLF
# "User-Agent: " within the first 73 bytes, plus http_method POST, urilen:1, no Accept or "Referer:" in
# http_header, and a request body whose first 21 bytes include a byte outside printable-ASCII/CR/LF.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC? Beacon 3"; flow:established,to_server; urilen:1; content:"POST"; http_method; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"POST / 1.1|0d 0a|Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|User-Agent|3a 20|"; depth:73; fast_pattern; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; reference:md5,789ee114125a6e1db363b505a643c03d; classtype:trojan-activity; sid:2021632; rev:2;)

Added 2015-08-14 18:57:34 UTC


