##alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET DELETED Backdoor PcClient.CAK.Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; nocase; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; reference:url,doc.emergingthreats.net/2009093; classtype:trojan-activity; sid:2009093; rev:4;)

Added 2012-03-19 23:39:05 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient.CAK.Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; reference:url,doc.emergingthreats.net/2009093; classtype:trojan-activity; sid:2009093; rev:3;)

Added 2011-10-12 19:26:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient.CAK.Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009093; sid:2009093; rev:3;)

Added 2011-09-14 22:39:59 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient.CAK.Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009093; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pakes; sid:2009093; rev:3;)

Added 2011-07-07 22:32:44 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient.CAK.Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009093; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pakes; sid:2009093; rev:3;)

Added 2011-07-07 21:26:58 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient?\/CAK\/Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009093; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pakes; sid:2009093; rev:2;)

Added 2011-02-04 17:28:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient?\/CAK\/Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009093; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pakes; sid:2009093; rev:2;)

Added 2009-04-06 13:22:13 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient?\/CAK\/Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009093; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pakes; sid:2009093; rev:2;)

Added 2009-04-06 13:00:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient?\/CAK\/Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009093; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pakes; sid:2009093; rev:2;)

Added 2009-02-18 20:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient?\/CAK\/Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009093; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Pakes; sid:2009093; rev:2;)

Added 2009-02-18 20:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 897 (msg:"ET TROJAN Backdoor PcClient?\/CAK\/Pakes POST on non-http Port"; flow:established,to_server; content:"POST "; depth:5; content:".jsp"; nocase; within:50; pcre:"/\/\d{8,}\/\d{4,}\/\d{4,}\.jsp/"; classtype:trojan-activity; sid:2009093; rev:1;)

Added 2009-02-18 16:52:54 UTC


Topic revision: r1 - 2012-03-20 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats