EditAttachPrintable
r3 - 21 Jan 2008 - 16:19:56 - MattJonkmanYou are here: TWiki >  Main Web > 2007753

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN Saturn Proxy C&C Activity"; flow:established,from_server; dsize:12; content:"|2d 00 00 00|"; offset:0; depth:4; content:"|00 00 55 00 00 00|"; distance:2; classtype:trojan-activity; sid:2007753; rev:2;)

Added 2008-01-31 10:12:23 UTC

 

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN Saturn Proxy C&C Activity"; flow:established,from_server; dsize:12; content:"|2d 00 00 00|"; offset:0; depth:4; content:"|00 00 55 00 00 00|"; distance:2; classtype:trojan-activity; sid:2007753; rev:2;)

Added 2008-01-31 10:12:23 UTC

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"BLEEDING-EDGE TROJAN Saturn Proxy C&C Activity"; flow:established,from_server; dsize:12; content:"|2d 00 00 00|"; offset:0; depth:4; content:"|00 00 55 00 00 00|"; distance:2; classtype:trojan-activity; sid:2007753; rev:1;)

Added 2008-01-10 20:12:09 UTC

http://www.emergingthreats.net/index.php?option=com_content&task=view&id=29&Itemid=1

-- MattJonkman - 11 Jan 2008

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r3 < r2 < r1 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback