ET MALWARE Kuluoz / Asprox checkin

SID: 2018739Rev: 40 views
History
Sourceet/open
CreatedJuly 18, 2014
UpdatedSeptember 24, 2020
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Kuluoz / Asprox checkin"; flow:established,to_server; http.uri; content:"/api/"; fast_pattern; pcre:"/^\/(?:components|wp-content|tmp)/api/[a-zA-Z0-9\/\x20]{43}=\/(?:toll|inv|notice|get_label)$/"; reference:url,garwarner.blogspot.com/2014/07/e-zpass-spam-leads-to-location-aware.html; reference:url,blog.malcovery.com/blog/more-information-on-this-weeks-e-zpass-scam; classtype:command-and-control; sid:2018739; rev:4; metadata:created_at 2014_07_18, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_24;)

References

urlgarwarner.blogspot.com/2014/07/e-zpass-spam-leads-to-location-aware.html
urlblog.malcovery.com/blog/more-information-on-this-weeks-e-zpass-scam

Metadata

created at2014_07_18
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2020_09_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!