#alert udp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; flowbits:isset,ET.MariposaJoin; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; classtype:trojan-activity; sid:2010101; rev:6;)

Added 2015-10-05 19:05:52 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; flowbits:isset,ET.MariposaJoin; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; classtype:trojan-activity; sid:2010101; rev:6;)

Added 2011-10-12 19:28:58 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; flowbits:isset,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:6;)

Added 2011-09-14 22:42:14 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; flowbits:isset,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:6;)

Added 2011-05-23 18:40:23 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; flowbits:isset,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:6;)

Added 2011-05-23 18:25:47 UTC


alert udp $EXTERNAL_NET 1024: -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; flowbits:isset,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:5;)

Added 2011-02-04 17:29:34 UTC


alert udp $EXTERNAL_NET 1024: -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; flowbits:isset,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:5;)

Added 2009-11-04 19:57:08 UTC


alert udp $EXTERNAL_NET 1024: -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; flowbits:isset,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:5;)

Added 2009-11-04 19:57:08 UTC


alert udp $EXTERNAL_NET 1024: -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:4;)

Added 2009-10-16 13:00:38 UTC


alert udp $EXTERNAL_NET 1024: -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; dsize:8; content:"|40|"; depth:1; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:4;)

Added 2009-10-16 13:00:38 UTC


alert udp $EXTERNAL_NET 3000: -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; content:"|40|"; depth:1; dsize:8; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:3;)

Added 2009-10-15 14:06:05 UTC


alert udp $EXTERNAL_NET 3000: -> $HOME_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement"; content:"|40|"; depth:1; dsize:8; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010101; rev:3;)

Added 2009-10-15 14:06:05 UTC


alert udp $EXTERNAL_NET 3000: -> $HOME_NET 1024: (msg:"ET TROJAN Mariposa server join acknowledgement"; content:"|40|"; depth:1; dsize:8; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; sid:2010101; rev:2;)

Added 2009-10-14 20:45:37 UTC


alert udp $EXTERNAL_NET 3000: -> $HOME_NET 1024: (msg:"ET TROJAN Mariposa server join acknowledgement"; content:"|40|"; depth:1; dsize:8; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; sid:2010101; rev:2;)

Added 2009-10-14 20:45:37 UTC


alert udp $EXTERNAL_NET 3000: -> $HOME_NET 1024: (msg:"ET TROJAN Mariposa server join acknowledgement"; content:"|40|"; depth:1; dsize:8; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; sid:2010101; rev:1;)

Added 2009-10-14 14:05:20 UTC


Topic revision: r1 - 2015-10-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats