#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/^[^\r\n]*\/[0-9a-f]{78}\sHTTP/Ri"; reference:url,doc.emergingthreats.net/2007755; classtype:trojan-activity; sid:2007755; rev:7;)

Added 2016-07-13 19:53:28 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; reference:url,doc.emergingthreats.net/2007755; classtype:trojan-activity; sid:2007755; rev:3;)

Added 2012-04-05 20:07:02 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; reference:url,doc.emergingthreats.net/2007755; classtype:trojan-activity; sid:2007755; rev:3;)

Added 2011-10-12 19:23:47 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007755; sid:2007755; rev:3;)

Added 2011-09-14 22:37:16 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007755; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2007755; rev:3;)

Added 2011-02-04 17:26:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007755; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2007755; rev:3;)

Added 2009-02-12 18:21:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007755; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2007755; rev:3;)

Added 2009-02-12 18:21:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; classtype:trojan-activity; sid:2007755; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; classtype:trojan-activity; sid:2007755; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; classtype:trojan-activity; sid:2007755; rev:1;)

Added 2008-01-10 20:12:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Trojan-Downloader.Win32.Small.hkp Checkin via HTTP"; flow:established,to_server; dsize:96; content:"GET /"; depth:5; pcre:"/\/[0-9a-f]{78}\sHTTP/Ui"; classtype:trojan-activity; sid:2007755; rev:1;)

Added 2008-01-10 20:11:17 UTC


Topic revision: r1 - 2016-07-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats