""ET MALWARE Suspected Adware/AccessMembre Checkin M3""

SID: 2047753

Revision: 1

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_08_25, deployment Perimeter, malware_family AccessMembre, performance_impact Low, confidence Medium, signature_severity Minor, tag PUP, updated_at 2023_08_25

Reference:

  • md5

  • e8d445f362ba21571cdb980d1e05318c

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "GET"

  • Value: ".asp?pid="

  • Value: "&mac="

  • Value: "&dup2="

  • Value: "&os="

Within:

PCRE: "/&mac=[A-F0-9]{12}/U"

Special Options:

  • http_method

  • http_uri

  • fast_pattern

  • http_uri

  • http_uri

  • http_uri

source