#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Generic Trojan Checkin"; flow: to_server,established; content:"GET"; nocase; http_method; content: ".asp?mac="; nocase; http_uri; pcre:"/mac=[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}/iU"; content: "&ver="; nocase; http_uri; reference:url,doc.emergingthreats.net/2009412; classtype:trojan-activity; sid:2009412; rev:11;)

Added 2011-10-12 19:27:19 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Generic Trojan Checkin"; flow: to_server,established; content:"GET"; nocase; http_method; content: ".asp?mac="; nocase; http_uri; pcre:"/mac=[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}/iU"; content: "&ver="; nocase; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009412; sid:2009412; rev:11;)

Added 2011-09-27 22:24:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow: to_server,established; content:"GET"; nocase; http_method; content: ".asp?mac="; nocase; http_uri; pcre:"/mac=[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}/iU"; content: "&ver="; nocase; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009412; sid:2009412; rev:10;)

Added 2011-09-14 22:40:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow: to_server,established; content:"GET"; nocase; http_method; content: ".asp?mac="; nocase; http_uri; pcre:"/mac=[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}/iU"; content: "&ver="; nocase; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009412; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2009412; rev:10;)

Added 2011-02-04 17:28:44 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow: to_server,established; content:"GET "; depth: 4; uricontent: ".asp?mac="; nocase; pcre:"/[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+/iU"; uricontent: "&ver="; nocase; reference:url,doc.emergingthreats.net/2009412; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; classtype:trojan-activity; sid:2009412; rev:4;)

Added 2009-07-22 17:00:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow: to_server,established; content:"GET "; depth: 4; uricontent: ".asp?mac="; nocase; pcre:"/[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+/iU"; uricontent: "&ver="; nocase; reference:url,doc.emergingthreats.net/2009412; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; classtype:trojan-activity; sid:2009412; rev:4;)

Added 2009-07-22 17:00:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Generic Trojan Checkin"; flow: to_server,established; content:"GET "; depth: 4; uricontent: ".asp?mac="; nocase; pcre:"/[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+/iU"; uricontent: "&ver="; nocase; reference:url,doc.emergingthreats.net/2009412; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; classtype:trojan-activity; sid:2009412; rev:3;)

Added 2009-07-01 20:03:01 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Generic Trojan Checkin"; flow: to_server,established; content:"GET "; depth: 4; uricontent: ".asp?mac="; nocase; pcre:"/[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+/iU"; uricontent: "&ver="; nocase; reference:url,doc.emergingthreats.net/2009412; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; classtype:trojan-activity; sid:2009412; rev:3;)

Added 2009-07-01 20:03:01 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Generic Trojan Checkin"; flow: to_server,established; content:"GET "; depth: 4; uricontent: ".asp?mac="; nocase; pcre:"/[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+/iU"; uricontent: "&ver="; nocase; reference:url,doc.emergingthreats.net/2009412; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2009412; rev:2;)

Added 2009-06-22 19:30:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Generic Trojan Checkin"; flow: to_server,established; content:"GET "; depth: 4; uricontent: ".asp?mac="; nocase; pcre:"/[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+/iU"; uricontent: "&ver="; nocase; reference:url,doc.emergingthreats.net/2009412; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2009412; rev:2;)

Added 2009-06-22 19:30:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Generic Trojan Checkin"; flow: to_server,established; content:"GET "; depth: 4; uricontent: ".asp?mac="; nocase; pcre:"/[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+/iU"; uricontent: "&ver="; nocase; sid:2009412; rev:1;)

Added 2009-06-19 15:00:37 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats