alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Swizzor Checkin (kgen_up)"; flow:to_server,established; content:"kgen_up.int"; http_uri; content:"fxp="; http_uri; pcre:"/fxp=[a-z0-9]{60}/Ui"; reference:url,doc.emergingthreats.net/2008379; classtype:trojan-activity; sid:2008379; rev:4;)

Added 2011-10-12 19:25:01 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Swizzor Checkin (kgen_up)"; flow:to_server,established; content:"kgen_up.int"; http_uri; content:"fxp="; http_uri; pcre:"/fxp=[a-z0-9]{60}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008379; sid:2008379; rev:4;)

Added 2011-09-14 22:38:28 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Swizzor Checkin (kgen_up)"; flow:to_server,established; content:"kgen_up.int"; http_uri; content:"fxp="; http_uri; pcre:"/fxp=[a-z0-9]{60}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008379; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop; sid:2008379; rev:4;)

Added 2011-02-04 17:27:33 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Swizzor Checkin (kgen_up)"; flow:to_server,established; uricontent:"kgen_up.int"; uricontent:"fxp="; pcre:"/fxp=[a-z0-9]{60}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008379; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop; sid:2008379; rev:3;)

Added 2009-05-11 20:45:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Swizzor Checkin (kgen_up)"; flow:to_server,established; uricontent:"kgen_up.int"; uricontent:"fxp="; pcre:"/fxp=[a-z0-9]{60}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008379; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop; sid:2008379; rev:3;)

Added 2009-05-11 20:45:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Swizzor Checkin (kgen_up)"; flow:to_server,established; uricontent:"kgen_up.int"; uricontent:"fxp="; pcre:"/fxp=[a-z0-9]{60}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008379; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop; sid:2008379; rev:2;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Swizzor Checkin (kgen_up)"; flow:to_server,established; uricontent:"kgen_up.int"; uricontent:"fxp="; pcre:"/fxp=[a-z0-9]{60}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008379; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop; sid:2008379; rev:2;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Swizzor Checkin (kgen_up)"; flow:to_server,established; uricontent:"kgen_up.int"; uricontent:"fxp="; pcre:"/fxp=[a-z0-9]{60}/Ui"; classtype:trojan-activity; sid:2008379; rev:1;)

Added 2008-07-08 13:56:29 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats