alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,from_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:3;) Added 2008-09-29 22:45:21 UTC This signature triggers a false positive for clients using Bloomberg over the Internet. -- SteveTornio - 17 Oct 2008
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,from_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:3;) Added 2008-09-29 22:45:21 UTC
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:2;) Added 2008-09-16 14:08:16 UTC
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:2;) Added 2008-09-16 14:08:16 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:1;) Added 2008-06-25 12:36:14 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:1;) Added 2008-06-25 12:33:35 UTC
Topic revision: r3 - 2008-10-17 - SteveTornio
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats