#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST"; depth:4; http_method; content:"MAC="; nocase; http_client_body; content:"&IP="; nocase; http_client_body; content:"&NAME="; nocase; http_client_body; content:"&OS="; nocase; http_client_body; reference:url,doc.emergingthreats.net/2007803; classtype:trojan-activity; sid:2007803; rev:3;)

Added 2011-10-12 19:23:52 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST"; depth:4; http_method; content:"MAC="; nocase; http_client_body; content:"&IP="; nocase; http_client_body; content:"&NAME="; nocase; http_client_body; content:"&OS="; nocase; http_client_body; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007803; sid:2007803; rev:3;)

Added 2011-09-14 22:37:21 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST"; depth:4; http_method; content:"MAC="; nocase; http_client_body; content:"&IP="; nocase; http_client_body; content:"&NAME="; nocase; http_client_body; content:"&OS="; nocase; http_client_body; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007803; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2007803; rev:3;)

Added 2011-02-04 17:26:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a 0d 0a|MAC="; nocase; content:"&IP="; nocase; distance:17; content:"&NAME="; nocase; distance:7; content:"&OS="; nocase; distance:0; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007803; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2007803; rev:2;)

Added 2009-02-13 19:47:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a 0d 0a|MAC="; nocase; content:"&IP="; nocase; distance:17; content:"&NAME="; nocase; distance:7; content:"&OS="; nocase; distance:0; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007803; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2007803; rev:2;)

Added 2009-02-13 19:47:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a 0d 0a|MAC="; nocase; content:"&IP="; nocase; distance:17; content:"&NAME="; nocase; distance:7; content:"&OS="; nocase; distance:0; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007803; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2007803; rev:2;)

Added 2009-02-13 19:46:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a 0d 0a|MAC="; nocase; content:"&IP="; nocase; distance:17; content:"&NAME="; nocase; distance:7; content:"&OS="; nocase; distance:0; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007803; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2007803; rev:2;)

Added 2009-02-13 19:46:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a 0d 0a|MAC="; nocase; content:"&IP="; nocase; distance:17; content:"&NAME="; nocase; distance:7; content:"&OS="; nocase; distance:0; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007803; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2007803; rev:2;)

Added 2009-02-13 19:45:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a 0d 0a|MAC="; nocase; content:"&IP="; nocase; distance:17; content:"&NAME="; nocase; distance:7; content:"&OS="; nocase; distance:0; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007803; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2007803; rev:2;)

Added 2009-02-13 19:45:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Inject.ql Checkin Post"; flow:established,to_server; content:"POST "; depth:5; content:"|0d 0a 0d 0a|MAC="; nocase; content:"&IP="; nocase; distance:17; content:"&NAME="; nocase; distance:7; content:"&OS="; nocase; distance:0; classtype:trojan-activity; sid:2007803; rev:1;)

Added 2008-01-30 10:25:55 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats