Et rule 2029244 - Magic-SigExplorer

""ET TROJAN Win32/PSW.QQPass.OZV Variant Checkin""

SID: 2029244

Revision: 2

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_01_09, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2020_01_09

Reference:

md5
12ff8df1941f941bab531f60a5a97556

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

Value: "/cpa"
Value: ".asp?mac="
Value: "&os="
Value: "&ip="
Value: "&dz="
Value: "&ver="

Within: 9

PCRE:

Special Options:

http_uri
http_uri
http_uri
http_uri
http_uri
http_uri

source