# Detects the HTTP check-in that the msg attributes to the W32 Tibs.ek downloader.
# Match conditions: a client-to-server request on an established TCP flow, from
# $HOME_NET to $EXTERNAL_NET on a port in $HTTP_PORTS, whose URI contains ".php"
# and all seven query markers (?win=Win, &id=, &lip=, &s5=, &h=, &hs=, &b=),
# each compared case-insensitively (nocase).
# The uricontent matches have no offset/distance/within, so they may appear in any
# order and position in the URI; specificity comes only from all eight being present.
# Coverage limit: only ports listed in $HTTP_PORTS are inspected, so the same
# request sent to a port outside that variable does not alert.
# Triage: the alert's source address is the internal host to examine. The parameter
# names look like host-profiling fields (OS, id, local IP) -- inferred from the
# names only; confirm against captured traffic.
# NOTE(review): uricontent is the legacy URI keyword; on engines that no longer
# accept it, port each match to content on the HTTP URI buffer and bump rev.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32.Downloader Tibs.ek Reporting to C&C"; flow:established,to_server; uricontent:".php"; nocase; uricontent:"?win=Win"; nocase; uricontent:"&id="; nocase; uricontent:"&lip="; nocase; uricontent:"&s5="; nocase; uricontent:"&h="; nocase; uricontent:"&hs="; nocase; uricontent:"&b="; nocase; classtype:trojan-activity; sid:2007841; rev:1;)

Added 2008-03-09 20:49:17 UTC


# sid:2007841 rev:1 -- alerts on an outbound HTTP request (established flow,
# client to server, $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS) whose URI contains
# ".php" together with ?win=Win, &id=, &lip=, &s5=, &h=, &hs= and &b=.
# All eight uricontent matches are required, are case-insensitive, and are not
# constrained in order or position within the URI.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32.Downloader Tibs.ek Reporting to C&C"; flow:established,to_server; uricontent:".php"; nocase; uricontent:"?win=Win"; nocase; uricontent:"&id="; nocase; uricontent:"&lip="; nocase; uricontent:"&s5="; nocase; uricontent:"&h="; nocase; uricontent:"&hs="; nocase; uricontent:"&b="; nocase; classtype:trojan-activity; sid:2007841; rev:1;)

Added 2008-03-09 20:49:17 UTC


# sid:2007841 rev:1 -- alerts on an outbound HTTP request (established flow,
# client to server, $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS) whose URI contains
# ".php" together with ?win=Win, &id=, &lip=, &s5=, &h=, &hs= and &b=.
# Only ports in $HTTP_PORTS are inspected; review that variable when tuning
# coverage for this signature.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32.Downloader Tibs.ek Reporting to C&C"; flow:established,to_server; uricontent:".php"; nocase; uricontent:"?win=Win"; nocase; uricontent:"&id="; nocase; uricontent:"&lip="; nocase; uricontent:"&s5="; nocase; uricontent:"&h="; nocase; uricontent:"&hs="; nocase; uricontent:"&b="; nocase; classtype:trojan-activity; sid:2007841; rev:1;)

Added 2008-02-12 14:01:10 UTC


# sid:2007841 rev:1 -- alerts on an outbound HTTP request (established flow,
# client to server, $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS) whose URI contains
# ".php" together with ?win=Win, &id=, &lip=, &s5=, &h=, &hs= and &b=.
# Classified as trojan-activity; the alert's source address is the internal
# host that issued the request.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32.Downloader Tibs.ek Reporting to C&C"; flow:established,to_server; uricontent:".php"; nocase; uricontent:"?win=Win"; nocase; uricontent:"&id="; nocase; uricontent:"&lip="; nocase; uricontent:"&s5="; nocase; uricontent:"&h="; nocase; uricontent:"&hs="; nocase; uricontent:"&b="; nocase; classtype:trojan-activity; sid:2007841; rev:1;)

Added 2008-02-12 13:59:01 UTC


Topic revision: r1 - 2008-03-10 - TWikiGuest
 