#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Generic Password Stealer Checkin URL Detected"; flow:established,to_server; content:"method=get"; nocase; http_uri; content:"&port="; nocase; http_uri; content:"&type="; nocase; http_uri; content:"&winver="; nocase; http_uri; reference:url,doc.emergingthreats.net/2006384; classtype:trojan-activity; sid:2006384; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:59:35 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Generic Password Stealer Checkin URL Detected"; flow:established,to_server; content:"method=get"; nocase; http_uri; content:"&port="; nocase; http_uri; content:"&type="; nocase; http_uri; content:"&winver="; nocase; http_uri; reference:url,doc.emergingthreats.net/2006384; classtype:trojan-activity; sid:2006384; rev:7;)

Added 2014-04-28 19:16:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; content:"method=get"; nocase; http_uri; content:"&port="; nocase; http_uri; content:"&type="; nocase; http_uri; content:"&winver="; nocase; http_uri; reference:url,doc.emergingthreats.net/2006384; classtype:trojan-activity; sid:2006384; rev:6;)

Added 2011-10-12 19:20:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; content:"method=get"; nocase; http_uri; content:"&port="; nocase; http_uri; content:"&type="; nocase; http_uri; content:"&winver="; nocase; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006384; sid:2006384; rev:6;)

Added 2011-09-14 22:34:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; content:"method=get"; nocase; http_uri; content:"&port="; nocase; http_uri; content:"&type="; nocase; http_uri; content:"&winver="; nocase; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006384; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PWS_Generic; sid:2006384; rev:6;)

Added 2011-02-04 17:25:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; uricontent:"method=get"; nocase; uricontent:"&port="; nocase; uricontent:"&type="; nocase; uricontent:"&winver="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006384; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PWS_Generic; sid:2006384; rev:5;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; uricontent:"method=get"; nocase; uricontent:"&port="; nocase; uricontent:"&type="; nocase; uricontent:"&winver="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006384; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PWS_Generic; sid:2006384; rev:5;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; uricontent:"method=get"; nocase; uricontent:"&port="; nocase; uricontent:"&type="; nocase; uricontent:"&winver="; nocase; classtype:trojan-activity; sid:2006384; rev:4;)

Added 2008-06-24 09:23:49 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; uricontent:"method=get"; nocase; uricontent:"&port="; nocase; uricontent:"&type="; nocase; uricontent:"&winver="; nocase; classtype:trojan-activity; sid:2006384; rev:4;)

Added 2008-06-24 09:23:49 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; uricontent:"method=get"; nocase; uricontent:"&port="; nocase; uricontent:"&id="; nocase; uricontent:"&type="; nocase; uricontent:"&winver="; nocase; uricontent:"&ver="; nocase; classtype:trojan-activity; sid:2006384; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; uricontent:"method=get"; nocase; uricontent:"&port="; nocase; uricontent:"&id="; nocase; uricontent:"&type="; nocase; uricontent:"&winver="; nocase; uricontent:"&ver="; nocase; classtype:trojan-activity; sid:2006384; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; uricontent:"method=get"; nocase; uricontent:"&port="; nocase; uricontent:"&id="; nocase; uricontent:"&type="; nocase; uricontent:"&winver="; nocase; uricontent:"&ver="; nocase; classtype:trojan-activity; sid:2006384; rev:1;)

Added 2007-07-09 04:31:57 UTC

From the sandnet analysis

-- ShirkDog? - 31 Jul 2007


Topic revision: r2 - 2007-07-31 - ShirkDog?
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats