r4 - 01 Jul 2008 - 12:25:31 - MattJonkman

alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic - Checkin"; flow:established,to_server; dsize:<20; content:"|3a|"; depth:5; offset:2; content:"|7c| "; within:8; depth:12; classtype:trojan-activity; sid:2007962; rev:4;)

Added 2008-06-24 23:26:43 UTC

 


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic - Checkin"; flow:established,to_server; dsize:<20; content:"|3a|"; depth:5; offset:2; content:"|7c| "; within:8; depth:12; classtype:trojan-activity; sid:2007962; rev:3;)

Added 2008-05-14 15:47:37 UTC


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic - Checkin"; flow:established,to_server; dsize:<20; content:"|3a|"; depth:3; offset:2; content:"|7c| "; within:8; depth:12; classtype:trojan-activity; sid:2007962; rev:2;)

Added 2008-05-14 14:36:14 UTC



alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic - Checkin"; flow:established,to_server; dsize:<20; content:"HX|3a|212|7c|win "; offset:0; classtype:trojan-activity; sid:2007962; rev:1;)

Added 2008-03-09 20:49:17 UTC

re 0f5a56e87c9c7a328dcd29e012e3f0f8 and fc7538d589ee77929e107f444c038aad

-- MattJonkman - 10 Mar 2008


Topic attachments
| Attachment | Size | Date | Who | Comment |
| base_packet_7-24954.pcap | 0.1 K | 30 Jun 2008 - 20:58 | DigiAngel | False positive of 2007962 |