security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ffdf312932efd86bbf10f56af7edabfcce05b585
blue-team-tools/rules/proxy/proxy_chafer_malware.yml
T
Florian Roth f8d8eb7948 Update proxy_chafer_malware.yml
2019-10-21 11:19:59 +02:00

21 lines
435 B
YAML
Raw Blame History

title: Chafer Malware URL Pattern
status: experimental
description: Detects HTTP requests used by Chafer malware
references:
- https://securelist.com/chafer-used-remexi-malware/89538/
author: Florian Roth
date: 2019/01/31
logsource:
category: proxy
detection:
selection:
c-uri: '*/asp.asp?ui=*'
condition: selection
fields:
- ClientIP
- URL
- UserAgent
falsepositives:
- Unknown
level: critical
Reference in New Issue View Git Blame Copy Permalink