#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED New Malware Information Post"; flow:to_server,established; content:"POST"; nocase; http_method; content:"|0d 0a|Pragma|3a| no-cache|0d 0a 0d 0a|"; http_header; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; fast_pattern; reference:url,doc.emergingthreats.net/2009092; classtype:trojan-activity; sid:2009092; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:14 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST"; nocase; http_method; content:"Pragma|3a| no-cache"; http_header; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; fast_pattern; reference:url,doc.emergingthreats.net/2009092; classtype:trojan-activity; sid:2009092; rev:8;)

Added 2011-10-12 19:26:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST"; nocase; http_method; content:"Pragma|3a| no-cache"; http_header; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; fast_pattern; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009092; sid:2009092; rev:8;)

Added 2011-09-14 22:39:59 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST"; nocase; http_method; content:"Pragma|3a| no-cache"; http_header; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; fast_pattern; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009092; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Rusibank.com; sid:2009092; rev:8;)

Added 2011-03-22 15:48:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST"; nocase; http_method; content:"Pragma|3a| no-cache"; http_header; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; depth:18; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009092; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Rusibank.com; sid:2009092; rev:6;)

Added 2011-02-04 17:28:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST "; depth:5; content:"|0d 0a|Pragma\: no-cache|0d 0a 0d 0a|"; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; distance:4; within:14; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009092; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Rusibank.com; sid:2009092; rev:2;)

Added 2009-02-18 20:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST "; depth:5; content:"|0d 0a|Pragma\: no-cache|0d 0a 0d 0a|"; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; distance:4; within:14; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009092; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Rusibank.com; sid:2009092; rev:2;)

Added 2009-02-18 20:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST "; depth:5; content:"|0d 0a|Pragma\: no-cache|0d 0a 0d 0a|"; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; distance:4; within:14; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009092; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Rusibank.com; sid:2009092; rev:2;)

Added 2009-02-18 19:55:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST "; depth:5; content:"|0d 0a|Pragma\: no-cache|0d 0a 0d 0a|"; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; distance:4; within:14; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009092; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Rusibank.com; sid:2009092; rev:2;)

Added 2009-02-18 19:55:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS New Malware Information Post"; flow:to_server,established; content:"POST "; depth:5; content:"|0d 0a|Pragma\: no-cache|0d 0a 0d 0a|"; content:"|C9 78 C7 02 69 06 7E 34 78 17|"; distance:4; within:14; classtype:trojan-activity; sid:2009092; rev:1;)

Added 2009-02-18 16:04:04 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats