# Retired form of sid 2008576: the doubled '#' keeps it disabled and the msg carries "ET DELETED".
# Match logic is the same as the other rev:4 entries on this page: "MZ" anywhere in a
# server-to-client payload, then "PE|00 00|" lying within the 20 bytes that follow it.
# Neither content has offset/depth, so the bytes need not be the start of a file.
##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,www.packetninjas.net/blog/2008/11/20/ids-signature-for-extremely-small-portable-executable-files.html; reference:url,doc.emergingthreats.net/2008576; classtype:trojan-activity; sid:2008576; rev:4;)

Added 2012-03-07 18:45:00 UTC


# Listed disabled (leading '#') under the "ET MISC" msg prefix. Removing the '#' activates an
# unanchored two-content match on every established server-to-client stream sourced from
# $HTTP_PORTS, so replay representative traffic against it before enabling.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MISC TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,www.packetninjas.net/blog/2008/11/20/ids-signature-for-extremely-small-portable-executable-files.html; reference:url,doc.emergingthreats.net/2008576; classtype:trojan-activity; sid:2008576; rev:4;)

Added 2011-10-12 19:25:24 UTC


# Disabled (leading '#'). Detection options match the other rev:4 entries on this page; only the
# option order differs (classtype precedes the reference entries), which does not change matching.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MISC TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20;classtype:trojan-activity; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,www.packetninjas.net/blog/2008/11/20/ids-signature-for-extremely-small-portable-executable-files.html; reference:url,doc.emergingthreats.net/2008576; sid:2008576; rev:4;)

Added 2011-09-14 22:38:50 UTC


# Disabled (leading '#'). The msg prefix is "ET MISC" but classtype is still trojan-activity, so
# an enabled copy would alert at whatever priority the local classification.config assigns to
# trojan-activity, regardless of the msg category.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MISC TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20;classtype:trojan-activity; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,www.packetninjas.net/blog/2008/11/20/ids-signature-for-extremely-small-portable-executable-files.html; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:4;)

Added 2011-02-04 17:27:45 UTC


# Enabled rev:4 entry. classtype is misc-activity here, not trojan-activity as in the other
# revisions; the stock classification.config gives that a lower default priority even though the
# msg still reads "ET TROJAN". Entries on this page share rev:4 while differing in msg and
# classtype, so compare full rule text, not sid/rev alone, when checking which variant is deployed.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,www.packetninjas.net/blog/2008/11/20/ids-signature-for-extremely-small-portable-executable-files.html; classtype:misc-activity; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:4;)

Added 2010-09-28 15:31:32 UTC


# Enabled rev:4 entry with classtype:misc-activity under an "ET TROJAN" msg. Detection: "MZ" at
# any position in a server-to-client payload, then "PE|00 00|" within the next 20 bytes.
# No offset/depth or HTTP buffer keyword ties the match to the start of a response body.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,www.packetninjas.net/blog/2008/11/20/ids-signature-for-extremely-small-portable-executable-files.html; classtype:misc-activity; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:4;)

Added 2010-09-28 15:31:32 UTC


# Enabled rev:3 entry. It differs from rev:2 on this page only by two added reference entries;
# the detection options are identical: unanchored "MZ", then "PE|00 00|" within 20 bytes, on
# established server-to-client traffic from $HTTP_PORTS.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:3;)

Added 2009-02-13 19:47:26 UTC


# Enabled rev:3 entry. Detection: "MZ" at any position in a server-to-client payload, followed by
# the 4-byte signature "PE|00 00|" within the next 20 bytes. Both contents are case-sensitive
# (no nocase) and neither carries offset/depth.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:3;)

Added 2009-02-13 19:47:26 UTC


# Enabled rev:3 entry. The header limits the rule to TCP from $EXTERNAL_NET source ports in
# $HTTP_PORTS toward $HOME_NET; flow:from_server,established further restricts it to the
# server-to-client side of an established session. HTTP served on other ports is not inspected.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:3;)

Added 2009-02-13 19:46:39 UTC


# Enabled rev:3 entry. within:20 is measured from the end of the "MZ" match, so "PE|00 00|" must
# fall entirely inside the 20 bytes that follow it. "MZ" itself is searched across the whole
# payload, so the pair can match in the middle of unrelated binary data.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:3;)

Added 2009-02-13 19:46:39 UTC


# Enabled rev:3 entry. Detection options: unanchored "MZ", then "PE|00 00|" within 20 bytes, on
# established server-to-client traffic. The msg ends in "Possibly Hostile": an alert indicates a
# very compact MZ/PE header layout in the stream, not a confirmed malicious file.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:3;)

Added 2009-02-13 19:45:23 UTC


# Enabled rev:3 entry. Same rule text as the other rev:3 entries on this page: unanchored "MZ",
# then "PE|00 00|" within the next 20 bytes, server-to-client only, classtype trojan-activity.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_TinyPE; sid:2008576; rev:3;)

Added 2009-02-13 19:45:23 UTC


# rev:2 narrows the match compared with rev:1 on this page: the second content becomes the full
# 4-byte signature "PE|00 00|" and the window shrinks from 120 to 20 bytes after "MZ".
# "MZ" is still searched anywhere in the payload, so the rule remains unanchored.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; sid:2008576; rev:2;)

Added 2008-09-22 14:30:22 UTC


# Enabled rev:2 entry. Requires "PE|00 00|" within 20 bytes after an "MZ" found at any payload
# position; this is tighter than rev:1's 2-byte "PE" within 120 bytes, but still has no
# offset/depth to pin the match to the first bytes of a transferred file.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"MZ"; content:"PE|00 00|"; within:20; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; sid:2008576; rev:2;)

Added 2008-09-22 14:30:22 UTC


# rev:1 disabled with a leading '#'. It pairs two 2-byte patterns (|4D 5A| = "MZ", |50 45| = "PE")
# in a 120-byte window with no anchoring, a combination that can occur by chance in compressed
# or binary payloads. The comment dated 21 Sep 2008 on this page reports false positives on
# streaming media, presumably against this revision.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"|4D 5A|"; content:"|50 45|"; within: 120; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; sid:2008576; rev:1;)

Added 2008-09-22 12:30:22 UTC


# rev:1, disabled (leading '#'). Matches |4D 5A| ("MZ") anywhere in a server-to-client payload,
# then |50 45| ("PE") within the next 120 bytes. Without the trailing |00 00| or any offset/depth,
# the pattern is short enough to hit arbitrary binary content.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"|4D 5A|"; content:"|50 45|"; within: 120; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; sid:2008576; rev:1;)

Added 2008-09-22 12:30:22 UTC


# Original rev:1, enabled. |4D 5A| and |50 45| are hex for "MZ" and "PE"; the rule fires when
# "PE" appears within 120 bytes after any "MZ" in an established server-to-client payload.
# Both patterns are two bytes and unanchored, so expect matches inside media or compressed streams.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"|4D 5A|"; content:"|50 45|"; within: 120; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; sid:2008576; rev:1;)

Added 2008-09-20 17:00:22 UTC

We're seeing a LOT of FPs on streaming media.

-- MikeWazowski - 21 Sep 2008


# Earliest entry on this page (rev:1, enabled). Detection is two unanchored 2-byte contents,
# |4D 5A| then |50 45| within 120 bytes, on server-to-client traffic from $HTTP_PORTS.
# Later revisions on this page replace the second content with "PE|00 00|" and use within:20.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN TinyPE? Binary - Possibly Hostile"; flow:from_server,established; content:"|4D 5A|"; content:"|50 45|"; within: 120; reference:url,www.phreedom.org/solar/code/tinype/; reference:url,bits.packetninjas.org/eblog/?p=316; classtype:trojan-activity; sid:2008576; rev:1;)

Added 2008-09-20 16:59:46 UTC


Topic revision: r2 - 2008-09-21 - MikeWazowski
 