EditAttachPrintable
r2 - 09 Mar 2008 - 02:19:43 - MattJonkmanYou are here: TWiki >  Main Web > 2007949

alert udp $HOME_NET any -> $EXTERNAL_NET 6990:6999 (msg:"ET TROJAN Medbod UDP Phone Home Packet"; dsize:<50; content:"ebex"; nocase; pcre:"/\x06\x00?$/"; classtype:trojan-activity; sid:2007949; rev:5;)

Added 2008-06-24 23:26:43 UTC

 

alert udp $HOME_NET any -> $EXTERNAL_NET 6990:6999 (msg:"ET TROJAN Medbod UDP Phone Home Packet"; dsize:<50; content:"ebex"; nocase; pcre:"/\x06\x00?$/"; classtype:trojan-activity; sid:2007949; rev:5;)

Added 2008-06-24 23:26:43 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 6990:6999 (msg:"ET TROJAN Medbod UDP Phone Home Packet"; dsize:<50; content:"ebex"; nocase; pcre:"/\x06\x00?$/"; classtype:trojan-activity; sid:2007949; rev:5;)

Added 2008-06-24 23:24:11 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 6990:6999 (msg:"ET TROJAN Medbod UDP Phone Home Packet"; dsize:<50; content:"ebex"; nocase; pcre:"/\x06\x00?$/"; classtype:trojan-activity; sid:2007949; rev:5;)

Added 2008-06-24 23:24:11 UTC

alert udp $HOME_NET 1024: -> $EXTERNAL_NET 6990:6999 (msg:"ET TROJAN Medbod UDP Phone Home Packet"; dsize:<50; content:"ebex"; nocase; pcre:"/\x06\x00?$/"; classtype:trojan-activity; sid:2007949; rev:4;)

Added 2008-03-18 22:19:54 UTC

alert udp $HOME_NET 1024: -> $EXTERNAL_NET 6990:6999 (msg:"ET TROJAN Medbod UDP Phone Home Packet"; dsize:<50; content:"ebex"; nocase; pcre:"/\x06\x00?$/"; classtype:trojan-activity; sid:2007949; rev:4;)

Added 2008-03-18 22:19:54 UTC

alert udp $HOME_NET 1024: -> $EXTERNAL_NET 6990:6999 (msg:"ET TROJAN Medbod UDP Phone Home Packet - Please report hits to emerging@emergingthreats.net for analysis"; dsize:<50; content:"ebex"; nocase; pcre:"/\x06\x00?$/"; classtype:trojan-activity; sid:2007949; rev:3;)

Added 2008-03-10 14:34:49 UTC

alert udp $HOME_NET 1024: -> $EXTERNAL_NET 6990:6999 (msg:"ET TROJAN Medbod UDP Phone Home Packet - Please report hits to emerging@emergingthreats.net for analysis"; dsize:<50; content:"ebex"; nocase; pcre:"/\x06\x00?$/"; classtype:trojan-activity; sid:2007949; rev:3;)

Added 2008-03-10 14:34:49 UTC

alert udp $HOME_NET 1024: -> $EXTERNAL_NET 6990:7000 (msg:"ET TROJAN Medbod UDP Phone Home Packet - Please report hits to emerging@emergingthreats.net for analysis"; dsize:<50; content:"ebex"; nocase; classtype:trojan-activity; sid:2007949; rev:2;)

Added 2008-03-08 21:16:18 UTC

See Win32Medbod

-- MattJonkman - 09 Mar 2008

alert udp $HOME_NET 1024: -> $EXTERNAL_NET 6990:7000 (msg:"ET TROJAN Medbod UDP Phone Home Packet"; dsize:<50; content:"ebex"; nocase; classtype:trojan-activity; sid:2007949; rev:1;)

Added 2008-03-08 21:11:53 UTC

See Win32Medbod

-- MattJonkman - 09 Mar 2008

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r2 < r1 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback