alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; reference:url,doc.emergingthreats.net/2007866; classtype:trojan-activity; sid:2007866; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:05 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; reference:url,doc.emergingthreats.net/2007866; classtype:trojan-activity; sid:2007866; rev:7;)

Added 2011-10-12 19:23:59 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; sid:2007866; rev:7;)

Added 2011-09-14 22:37:27 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gadu-gadu.pl; sid:2007866; rev:7;)

Added 2011-02-10 14:52:47 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gadu-gadu.pl; sid:2007866; rev:7;)

Added 2011-02-04 17:26:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_GaduGadu; sid:2007866; rev:5;)

Added 2010-09-01 10:46:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_GaduGadu; sid:2007866; rev:5;)

Added 2010-09-01 10:46:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_GaduGadu; sid:2007866; rev:4;)

Added 2010-08-31 16:04:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_GaduGadu; sid:2007866; rev:4;)

Added 2010-08-31 16:04:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; sid:2007866; rev:3;)

Added 2010-08-23 14:14:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; sid:2007866; rev:3;)

Added 2010-08-23 14:14:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gadu-gadu.pl; sid:2007866; rev:2;)

Added 2009-02-12 18:21:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gadu-gadu.pl; sid:2007866; rev:2;)

Added 2009-02-12 18:21:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent - Possible Trojan Downloader (Firefox)"; flow:to_server,established; content:"|0d 0a|User-Agent\: Firefox|0d 0a|"; classtype:trojan-activity; sid:2007866; rev:1;)

Added 2008-02-21 12:03:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; sid:2007866; rev:1;)

Added 2008-02-21 11:52:38 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats