alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2003245; classtype:trojan-activity; sid:2003245; rev:3;)

Added 2011-10-12 19:13:06 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2003245; sid:2003245; rev:3;)

Added 2011-09-14 22:26:03 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2003245; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_HackerDefender; sid:2003245; rev:3;)

Added 2011-02-04 17:22:20 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2003245; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_HackerDefender; sid:2003245; rev:3;)

Added 2010-06-28 22:46:58 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2003245; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_HackerDefender; sid:2003245; rev:3;)

Added 2010-06-28 22:46:58 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2003245; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_HackerDefender; sid: 2003245; rev:3;)

Added 2009-02-12 18:21:17 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; reference:url,doc.emergingthreats.net/2003245; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_HackerDefender; sid: 2003245; rev:3;)

Added 2009-02-12 18:21:17 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; sid: 2003245; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; sid: 2003245; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "BLEEDING-EDGE TROJAN HackerDefender?.HE Root Kit Control Connection Reply"; flow: established,from_server; content:"|d0 84 ec 77 cf ec 60 e9|"; depth:8; classtype:trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html; sid: 2003245; rev:1; )



Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats