##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; depth:300; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; classtype:trojan-activity; sid:2008783; rev:7;)

Added 2011-10-12 19:25:51 UTC


##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; depth:300; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; sid:2008783; rev:7;)

Added 2011-09-14 22:39:18 UTC


##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; depth:300; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_RAR_Files; sid:2008783; rev:7;)

Added 2011-08-09 06:32:09 UTC


##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; depth:300; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_RAR_Files; sid:2008783; rev:7;)

Added 2011-08-08 21:58:51 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; depth:300; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_RAR_Files; sid:2008783; rev:6;)

Added 2011-06-14 15:38:26 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_RAR_Files; sid:2008783; rev:5;)

Added 2011-06-06 18:57:26 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:"Content-Type|3a| application|2f|octet-stream"; http_header; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_RAR_Files; sid:2008783; rev:4;)

Added 2011-02-04 17:27:59 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200 OK"; content:"Content-Type|3a| application|2f|octet-stream"; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_RAR_Files; sid:2008783; rev:3;)

Added 2009-02-11 19:15:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200 OK"; content:"Content-Type|3a| application|2f|octet-stream"; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; reference:url,doc.emergingthreats.net/2008783; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_RAR_Files; sid:2008783; rev:3;)

Added 2009-02-11 19:15:23 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200 OK"; content:"Content-Type|3a| application|2f|octet-stream"; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; sid:2008783; rev:2;)

Added 2008-11-25 09:49:36 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200 OK"; content:"Content-Type|3a| application|2f|octet-stream"; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; sid:2008783; rev:2;)

Added 2008-11-25 09:49:36 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200 OK"; content:"Content-Type|3a| application|2f|octet-stream"; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; sid:2008783; rev:2;)

Added 2008-11-25 09:45:22 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200 OK"; content:"Content-Type|3a| application|2f|octet-stream"; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; sid:2008783; rev:2;)

Added 2008-11-25 09:45:22 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Trojan File Download - Rar Requested but not received"; flow:established,from_server; flowbits:isset,ET.rar_seen; flowbits:unset,ET.rar_seen; content:"200 OK"; content:"Content-Type|3a|application|2f|octet-stream"; content:!"|0d 0a 0d 0a 52 61 72 21 1A 07|"; classtype:trojan-activity; reference:url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162; sid:2008783; rev:1;)

Added 2008-11-13 18:14:17 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats