""ET TROJAN Worm.Win32.Vobfus Checkin 3""
SID: 2018958
Revision: 18
Class Type: trojan-activity
Metadata: created_at 2013_03_25, performance_impact Significant, updated_at 2024_04_22
Reference:
-
md5
-
a2049adc2834d797b37f45382608f2b4
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: !"Accept-Language|3a|"
-
Value: !"Referer"
-
Value: "GET /" Depth: 5
-
Value: "|3f|"
-
Value: "User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE|20|"
-
Value: !"Host|3a 20|www.pinterest.com"
Within: 21
PCRE: "/^GET \/[a-zA-Z0-9]{1,19}\/?\?[abdeijhg\x22](\x7C\x2d?\d+?[^\*+\=|\:\
Special Options:
- \x22\?\<>\,#][a-zA-Z0-9-!@#\$%^&()\x20_{}.~]{1,14})?\x20HTTP\/1.1/"