ET DELETED W32/Bifrose.Backdoor Checkin Attempt via Facebook

SID: 2014404Rev: 30 views
History
Sourceet/open
CreatedMarch 20, 2012
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED W32/Bifrose.Backdoor Checkin Attempt via Facebook"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/omaha/update.php?"; http_uri; content:"User-Agent|3A 20|Facebook Update/"; http_header; content:"winhttp|3b|"; http_header; reference:md5,61661202e320dd91e4f7e4a10616eefc; classtype:trojan-activity; sid:2014404; rev:3; metadata:created_at 2012_03_20, signature_severity Unknown, updated_at 2019_07_26;)

References

md5
61661202e320dd91e4f7e4a10616eefc
Google SearchBrave Search

Metadata

created at2012_03_20
signature severityUnknown
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!