ET MALWARE Win32/Travnet.A Checkin

SID: 2016968Rev: 71 views
History
Sourceet/open
CreatedMarch 1, 2013
UpdatedSeptember 18, 2020
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Travnet.A Checkin"; flow:to_server,established; http.uri; content:".asp?hostid="; content:"&hostname="; content:"&hostip="; content:"&filename="; content:"&filestart="; content:"&filetext=begin|3a 3a|"; fast_pattern; pcre:"/\?hostid=[0-9A-F]+?&/"; http.header_names; content:!"Referer|0d 0a|"; reference:md5,d04a7f30c83290b86cac8d762dcc2df5; reference:md5,cb9cc50b18a7c91cf4a34c624b90db5d; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AWin32%2FTravnet.A; reference:url,blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data; reference:url,www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf; classtype:command-and-control; sid:2016968; rev:7; metadata:created_at 2013_03_01, malware_family Win32_Travnet_A, signature_severity Major, updated_at 2020_09_18;)

References

md5
d04a7f30c83290b86cac8d762dcc2df5
Google SearchBrave Search
md5
cb9cc50b18a7c91cf4a34c624b90db5d
Google SearchBrave Search
urlwww.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AWin32%2FTravnet.A
urlblogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data
urlwww.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf

Metadata

created at2013_03_01
malware familyWin32_Travnet_A
signature severityMajor
updated at2020_09_18

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!