alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN General Win32 Backdoor Checkin POST Packet 1"; flow:established,to_server; content:"/add.php"; http_uri; flowbits:noalert; flowbits:set,ET.bd1; reference:url,doc.emergingthreats.net/2009240; classtype:trojan-activity; sid:2009240; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST Packet 1"; flow:established,to_server; content:"/add.php"; http_uri; flowbits:noalert; flowbits:set,ET.bd1; reference:url,doc.emergingthreats.net/2009240; classtype:trojan-activity; sid:2009240; rev:8;)

Added 2011-11-16 19:57:10 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST Packet 1"; flow:established,to_server; content:"/add.php"; http_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.1|3b| SV1)|0d 0a|"; http_header; flowbits:noalert; flowbits:set,ET.bd1; reference:url,doc.emergingthreats.net/2009240; classtype:trojan-activity; sid:2009240; rev:5;)

Added 2011-10-12 19:26:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST Packet 1"; flow:established,to_server; content:"/add.php"; http_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.1|3b| SV1)|0d 0a|"; http_header; flowbits:noalert; flowbits:set,ET.bd1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009240; sid:2009240; rev:5;)

Added 2011-09-14 22:40:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST Packet 1"; flow:established,to_server; content:"/add.php"; http_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.1|3b| SV1)|0d 0a|"; http_header; flowbits:noalert; flowbits:set,ET.bd1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009240; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Backdoor.General; sid:2009240; rev:5;)

Added 2011-02-04 17:28:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST Packet 1"; flow:established,to_server; uricontent:"/add.php"; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\; SV1)|0d 0a|"; flowbits:noalert; flowbits:set,ET.bd1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009240; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Backdoor.General; sid:2009240; rev:2;)

Added 2009-04-20 17:00:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST Packet 1"; flow:established,to_server; uricontent:"/add.php"; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\; SV1)|0d 0a|"; flowbits:noalert; flowbits:set,ET.bd1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009240; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Backdoor.General; sid:2009240; rev:2;)

Added 2009-04-20 17:00:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST Packet 1"; flow:established,to_server; uricontent:"/add.php"; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\; SV1)|0d 0a|"; flowbits:noalert; flowbits:set,ET.bd1; classtype:trojan-activity; sid:2009240; rev:1;)

Added 2009-04-17 03:00:34 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats