ET MALWARE Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts - HTTP POST - Suricata Rule 2009830 (et/open)

ET MALWARE Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts - HTTP POST

SID: 2009830Rev: 83 viewsHistory

Sourceet/open

CreatedJuly 30, 2010

UpdatedMarch 5, 2024

Classificationcommand-and-control

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts - HTTP POST"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"&ver="; content:"&MAX_EXECUTE_TIME="; fast_pattern; content:"&RELOAD_JOBS="; content:"&BROWSER_DELAY="; content:"&CONTROL_PAGE"; content:"&lastlogcount"; content:"&min_captchasize"; content:"&botid"; content:"&REG_NAME"; content:"&botlogin="; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FWombot.A; classtype:command-and-control; sid:2009830; rev:8; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_05;)

References

url	www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FWombot.A

Metadata

created at2010_07_30

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2024_03_05

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!