alert tcp $HOME_NET any -> [210.51.7.155,221.5.250.98,61.188.87.58,218.241.153.61,58.141.132.66,221.10.254.248,124.135.97.21,125.108.172.81] any (msg:"ET CURRENT_EVENTS Malware Communication with Control Servers (Possible GhostNet? Related Activity)"; reference:url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ghostnet; sid:2009176; rev:3;)

Added 2009-03-31 15:00:25 UTC


alert tcp $HOME_NET any -> [210.51.7.155,221.5.250.98,61.188.87.58,218.241.153.61,58.141.132.66,221.10.254.248,124.135.97.21,125.108.172.81] any (msg:"ET CURRENT_EVENTS Malware Communication with Control Servers (Possible GhostNet? Related Activity)"; reference:url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ghostnet; sid:2009176; rev:3;)

Added 2009-03-31 15:00:25 UTC


alert tcp $HOME_NET any -> [210.51.7.155,221.5.250.98,61.188.87.58,218.241.153.61,58.141.132.66,221.10.254.248,124.135.97.21,125.108.172.81] [$HTTP_PORTS,8000,4501,8005] (msg:"ET CURRENT_EVENTS Malware Communication with Control Servers (Possible GhostNet? Related Activity)"; reference:url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ghostnet; sid:2009176; rev:2;)

Added 2009-03-30 21:00:25 UTC


alert tcp $HOME_NET any -> [210.51.7.155,221.5.250.98,61.188.87.58,218.241.153.61,58.141.132.66,221.10.254.248,124.135.97.21,125.108.172.81] [$HTTP_PORTS,8000,4501,8005] (msg:"ET CURRENT_EVENTS Malware Communication with Control Servers (Possible GhostNet? Related Activity)"; reference:url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ghostnet; sid:2009176; rev:2;)

Added 2009-03-30 21:00:25 UTC


alert tcp $HOME_NET any -> [210.51.7.155,221.5.250.98,61.188.87.58,218.241.153.61,58.141.132.66,221.10.254.248,124.135.97.21,125.108.172.81] [$HTTP_PORTS,8000,4501,8005] (msg:"ET CURRENT_EVENTS Malware Communication with Control Servers (Possible GhostNet? Related Activity)"; reference:url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; classtype:trojan-activity; sid:2009176; rev:1;)

Added 2009-03-30 11:45:25 UTC


alert tcp $HOME_NET any -> [210.51.7.155,221.5.250.98,61.188.87.58,218.241.153.61,58.141.132.66,221.10.254.248,124.135.97.21,125.108.172.81] [$HTTP_PORTS,8000,4501,8005] (msg:"ET CURRENT_EVENTS Malware Communication with Control Servers (Possible GhostNet? Related Activity)"; reference:url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; classtype:trojan-activity; sid:2009176; rev:1;)

Added 2009-03-30 11:43:51 UTC


Topic revision: r1 - 2009-03-31 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats