EditAttachPrintable
r1 - 12 Oct 2011 - 23:23:59 - TWikiGuestYou are here: TWiki >  Main Web > 2007866

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; reference:url,doc.emergingthreats.net/2007866; classtype:trojan-activity; sid:2007866; rev:7;)

Added 2011-10-12 19:23:59 UTC

 

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; sid:2007866; rev:7;)

Added 2011-09-14 22:37:27 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gadu-gadu.pl; sid:2007866; rev:7;)

Added 2011-02-10 14:52:47 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Gadu-Gadu Chat Client Checkin via HTTP"; flow:established,to_server; content:"/appsvc/appmsg"; nocase; http_uri; content:"fmnumber="; nocase; http_uri; content:"&version="; nocase; http_uri; content:"&fmt="; nocase; http_uri; content:"&lastmsg="; http_uri; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gadu-gadu.pl; sid:2007866; rev:7;)

Added 2011-02-04 17:26:57 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_GaduGadu; sid:2007866; rev:5;)

Added 2010-09-01 10:46:39 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_GaduGadu; sid:2007866; rev:5;)

Added 2010-09-01 10:46:39 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_GaduGadu; sid:2007866; rev:4;)

Added 2010-08-31 16:04:32 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_GaduGadu; sid:2007866; rev:4;)

Added 2010-08-31 16:04:32 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; sid:2007866; rev:3;)

Added 2010-08-23 14:14:51 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN GaduGadu? Chat Client Checkin via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; sid:2007866; rev:3;)

Added 2010-08-23 14:14:51 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gadu-gadu.pl; sid:2007866; rev:2;)

Added 2009-02-12 18:21:16 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gadu-gadu.pl; sid:2007866; rev:2;)

Added 2009-02-12 18:21:16 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent - Possible Trojan Downloader (Firefox)"; flow:to_server,established; content:"|0d 0a|User-Agent\: Firefox|0d 0a|"; classtype:trojan-activity; sid:2007866; rev:1;)

Added 2008-02-21 12:03:35 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP"; flow:established,to_server; uricontent:"/appsvc/appmsg"; nocase; uricontent:"fmnumber="; nocase; uricontent:"&version="; nocase; uricontent:"&fmt="; nocase; uricontent:"&lastmsg="; nocase; classtype:trojan-activity; sid:2007866; rev:1;)

Added 2008-02-21 11:52:38 UTC

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback