#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; depth:7; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; classtype:trojan-activity; sid:2008450; rev:5;)

Added 2011-10-12 19:25:09 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; depth:7; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; sid:2008450; rev:5;)

Added 2011-09-14 22:38:37 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; depth:7; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Donbot; sid:2008450; rev:5;)

Added 2011-02-04 17:27:38 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Donbot; sid:2008450; rev:4;)

Added 2009-11-05 09:48:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Donbot; sid:2008450; rev:4;)

Added 2009-11-05 09:48:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Donbot; sid:2008450; rev:4;)

Added 2009-11-05 09:45:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Donbot; sid:2008450; rev:4;)

Added 2009-11-05 09:45:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; sid:2008450; rev:3;)

Added 2009-11-04 19:28:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Donbot Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html; reference:url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/; sid:2008450; rev:3;)

Added 2009-11-04 19:28:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Buzus.lyz Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Buzus; sid:2008450; rev:2;)

Added 2009-02-12 18:21:14 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Buzus.lyz Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008450; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Buzus; sid:2008450; rev:2;)

Added 2009-02-12 18:21:14 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Buzus.lyz Connect to CnC?"; flow:established,to_server; dsize:7; content:"HALLO|0d 0a|"; classtype:trojan-activity; sid:2008450; rev:1;)

Added 2008-07-20 15:33:38 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats