Versions (4)
Version DetailsCurrent
Rev: 7 • Mar 1, 2013, 12:00 PMET MALWARE Win32/Travnet.A Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Travnet.A Checkin"; flow:to_server,established; http.uri; content:".asp?hostid="; content:"&hostname="; content:"&hostip="; content:"&filename="; content:"&filestart="; content:"&filetext=begin|3a 3a|"; fast_pattern; pcre:"/\?hostid=[0-9A-F]+?&/"; http.header_names; content:!"Referer|0d 0a|"; reference:md5,d04a7f30c83290b86cac8d762dcc2df5; reference:md5,cb9cc50b18a7c91cf4a34c624b90db5d; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AWin32%2FTravnet.A; reference:url,blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data; reference:url,www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf; classtype:command-and-control; sid:2016968; rev:7; metadata:created_at 2013_03_01, malware_family Win32_Travnet_A, signature_severity Major, updated_at 2020_09_18;)
Mar 1, 2013, 12:00 PM
Sep 18, 2020, 12:00 PM
Mar 1, 2013, 12:00 PM
Sep 16, 2024, 11:00 PM
rules/emerging-malware.rules