#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Emo/Downloader.vr Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:".php"; http_uri; content:"v="; http_uri; content:"&rs="; http_uri; content:"&n="; http_uri; content:"&uid="; http_uri; reference:url,doc.emergingthreats.net/2008546; reference:url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50; classtype:trojan-activity; sid:2008546; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:42 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Emo/Downloader.vr Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:".php"; http_uri; content:"v="; http_uri; content:"&rs="; http_uri; content:"&n="; http_uri; content:"&uid="; http_uri; reference:url,doc.emergingthreats.net/2008546; reference:url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50; classtype:trojan-activity; sid:2008546; rev:7;)

Added 2013-01-23 21:43:52 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Emo/Downloader.vr Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:".php"; http_uri; content:"v="; http_uri; content:"&rs="; http_uri; content:"&n="; http_uri; content:"&uid="; http_uri; reference:url,doc.emergingthreats.net/2008546; reference:url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50; classtype:trojan-activity; sid:2008546; rev:7;)

Added 2012-03-16 17:32:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Emo/Downloader.vr Checkin"; flow:established,to_server; content:"GET"; http_method; content:".php"; http_uri; content:"v="; http_uri; content:"&rs="; http_uri; content:"&n="; http_uri; content:"&uid="; http_uri; reference:url,doc.emergingthreats.net/2008546; reference:url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50; classtype:trojan-activity; sid:2008546; rev:6;)

Added 2011-10-12 19:25:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Emo/Downloader.vr Checkin"; flow:established,to_server; content:"GET"; http_method; content:".php"; http_uri; content:"v="; http_uri; content:"&rs="; http_uri; content:"&n="; http_uri; content:"&uid="; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008546; reference:url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50; sid:2008546; rev:6;)

Added 2011-09-14 22:38:47 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Emo/Downloader.vr Checkin"; flow:established,to_server; content:"GET"; http_method; content:".php"; http_uri; content:"v="; http_uri; content:"&rs="; http_uri; content:"&n="; http_uri; content:"&uid="; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008546; reference:url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008546; rev:6;)

Added 2011-02-04 17:27:44 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Emo/Downloader.vr Checkin"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php"; uricontent:"v="; uricontent:"&rs="; uricontent:"&n="; uricontent:"&uid="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008546; reference:url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008546; rev:4;)

Added 2009-05-19 16:00:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Emo/Downloader.vr Checkin"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php"; uricontent:"v="; uricontent:"&rs="; uricontent:"&n="; uricontent:"&uid="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008546; reference:url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008546; rev:4;)

Added 2009-05-19 16:00:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.vr Checkin part 1 of 2"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php"; uricontent:"v="; uricontent:"&rs="; uricontent:"&n="; uricontent:"&uid="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008546; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008546; rev:3;)

Added 2009-02-12 18:21:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.vr Checkin part 1 of 2"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php"; uricontent:"v="; uricontent:"&rs="; uricontent:"&n="; uricontent:"&uid="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008546; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008546; rev:3;)

Added 2009-02-12 18:21:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.vr Checkin part 1 of 2"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php"; uricontent:"v="; uricontent:"&rs="; uricontent:"&n="; uricontent:"&uid="; classtype:trojan-activity; sid:2008546; rev:2;)

Added 2008-10-06 12:15:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.vr Checkin part 1 of 2"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php"; uricontent:"v="; uricontent:"&rs="; uricontent:"&n="; uricontent:"&uid="; classtype:trojan-activity; sid:2008546; rev:2;)

Added 2008-10-06 12:15:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Unknown Downloader Checkin part 1 of 2"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php"; uricontent:"v="; uricontent:"&rs="; uricontent:"&n="; uricontent:"&uid="; classtype:trojan-activity; sid:2008546; rev:1;)

Added 2008-09-12 15:15:21 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats