# sid 2008552, rev 2: alerts on established, to-server TCP traffic from $EXTERNAL_NET to $HOME_NET port 25 (SMTP).
# Fires when the payload contains CRLF + "Subject: Rechnung" (colon hex-encoded as |3a|) and the pcre finds "Rechnung.zip" or "Rechnung.doc".
# The content match is case-sensitive (no nocase); the pcre is case-insensitive (/i) and carries no relative (R) flag, so it is not tied to the position of the Subject match.
# NOTE(review): "Rechnung" is German for "invoice", so legitimate invoice mail with a matching attachment name can alert; the msg itself says "Likely" - triage hits against the actual attachment.
# NOTE(review): only destination port 25 is covered; confirm against the local mail architecture whether other mail ingress paths need their own coverage.
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Malware Word doc Email - Fordo Trojan Likely"; flow:established,to_server; content:"|0d 0a|Subject|3a| Rechnung"; pcre:"/Rechnung\.(zip|doc)/i"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/0fc3a70eff0b9ec447794acbda2402e7; reference:url,isc.sans.org/diary.html?storyid=5029; reference:url,doc.emergingthreats.net/bin/view/Main/2008552; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fordo; sid:2008552; rev:2;)

Added 2009-02-06 21:20:11 UTC


# sid 2008552, rev 2 (same text and timestamp as the preceding entry on this page).
# Matches established, to-server SMTP (port 25) traffic from $EXTERNAL_NET whose payload contains CRLF + "Subject: Rechnung" (colon as |3a|)
# and, anywhere in the inspected payload, "Rechnung.zip" or "Rechnung.doc" (pcre, case-insensitive).
# The content keyword has no nocase modifier, so the Subject header match is case-sensitive.
# NOTE(review): an invoice-themed subject plus attachment name is a generic pattern; expect false positives and confirm hits against the attachment.
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Malware Word doc Email - Fordo Trojan Likely"; flow:established,to_server; content:"|0d 0a|Subject|3a| Rechnung"; pcre:"/Rechnung\.(zip|doc)/i"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/0fc3a70eff0b9ec447794acbda2402e7; reference:url,isc.sans.org/diary.html?storyid=5029; reference:url,doc.emergingthreats.net/bin/view/Main/2008552; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fordo; sid:2008552; rev:2;)

Added 2009-02-06 21:20:11 UTC


# sid 2008552, rev 2 as recorded at 19:00:54 UTC: same header, flow, pcre and references as the 21:20:11 entries on this page.
# The only visible difference is the content string, which writes the colon literally ("Subject: Rechnung") instead of hex-encoding it as |3a|.
# NOTE(review): some Snort versions require ':' inside content to be escaped or hex-encoded - presumably why the later entry changed it; confirm against the engine version in use before loading this form.
# NOTE(review): rev stays at 2 although the rule text changed afterwards, so sid/rev alone does not identify which form is deployed.
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Malware Word doc Email - Fordo Trojan Likely"; flow:established,to_server; content:"|0d 0a|Subject: Rechnung"; pcre:"/Rechnung\.(zip|doc)/i"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/0fc3a70eff0b9ec447794acbda2402e7; reference:url,isc.sans.org/diary.html?storyid=5029; reference:url,doc.emergingthreats.net/bin/view/Main/2008552; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fordo; sid:2008552; rev:2;)

Added 2009-02-06 19:00:54 UTC


# sid 2008552, rev 2 (same text and timestamp as the preceding 19:00:54 UTC entry on this page).
# Alerts on established, to-server traffic to $HOME_NET port 25 containing CRLF + "Subject: Rechnung" (literal colon, case-sensitive)
# together with a case-insensitive pcre hit on "Rechnung.zip" or "Rechnung.doc".
# NOTE(review): the colon inside content is neither escaped nor hex-encoded here; verify that the target engine parses this form as intended.
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Malware Word doc Email - Fordo Trojan Likely"; flow:established,to_server; content:"|0d 0a|Subject: Rechnung"; pcre:"/Rechnung\.(zip|doc)/i"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/0fc3a70eff0b9ec447794acbda2402e7; reference:url,isc.sans.org/diary.html?storyid=5029; reference:url,doc.emergingthreats.net/bin/view/Main/2008552; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fordo; sid:2008552; rev:2;)

Added 2009-02-06 19:00:54 UTC


# sid 2008552, rev 1 (the oldest entry on this page, dated 2008-09-15).
# Same header, flow, pcre and classtype as the rev 2 entries; the content string escapes the colon with a backslash ("Subject\: Rechnung").
# Carries only the virustotal and isc.sans.org references; the two emergingthreats.net references appear from rev 2 onward.
# The content match is case-sensitive (no nocase), while the pcre for "Rechnung.zip" / "Rechnung.doc" is case-insensitive (/i).
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Malware Word doc Email - Fordo Trojan Likely"; flow:established,to_server; content:"|0d 0a|Subject\: Rechnung"; pcre:"/Rechnung\.(zip|doc)/i"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/0fc3a70eff0b9ec447794acbda2402e7; reference:url,isc.sans.org/diary.html?storyid=5029; sid:2008552; rev:1;)

Added 2008-09-15 11:45:21 UTC


Topic revision: r1 - 2009-02-07 - TWikiGuest
 