ET MALWARE WindowsEnterpriseSuite FakeAV Reporting via POST initial check-in

SID: 2010246Rev: 90 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedMarch 8, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WindowsEnterpriseSuite FakeAV Reporting via POST initial check-in"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/MicroinstallServiceReport.php"; fast_pattern; http.request_body; content:"report="; content:"&pid="; content:"&wv="; pcre:"/report=\d+&pid=\d+&wv=[A-Za-z0-9]/"; reference:md5,d9bcb4e4d650a6ed4402fab8f9ef1387; classtype:trojan-activity; sid:2010246; rev:9; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2024_03_08;)

References

md5
d9bcb4e4d650a6ed4402fab8f9ef1387
Google SearchBrave Search

Metadata

created at2010_07_30
signature severityMajor
updated at2024_03_08

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!