# sid 2010450, rev 3 (latest entry on this page): flags an outbound HTTP request whose
# URI has the path shape /Layouts/Landings/CentralLandings/<digits>/images/.
# - Header + flow: client-to-server traffic on established TCP sessions from $HOME_NET to
#   $EXTERNAL_NET, limited to $HTTP_PORTS; requests on other ports are not evaluated.
# - The two content/http_uri matches are independent (no distance/within); the pcre is
#   what enforces their order and the digits-only segment. \x2F is "/", U applies the
#   regex to the normalized URI, i makes it case-insensitive.
# - Triage: the match is on URI shape only ("Potential" in msg); no host or response
#   check is made, so confirm the destination and what the server returned.
# - Detection options are the same as in the other rev:3 entries on this page; only the
#   reference list and the position of classtype differ, so rev alone does not identify
#   the exact rule text.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Potential Gemini/Fake AV Download URL Detected"; flow:established,to_server; content:"/Layouts/Landings/CentralLandings/"; nocase; http_uri; content:"/images/"; nocase; http_uri; pcre:"/\x2FLayouts\x2FLandings\x2FCentralLandings\x2F\d+\x2Fimages\x2F/Ui"; reference:url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791; reference:url,doc.emergingthreats.net/2010450; classtype:trojan-activity; sid:2010450; rev:3;)

Added 2011-10-12 19:29:48 UTC


# sid 2010450, rev 3 as listed on 2011-09-14: alerts on an established client-to-server
# request from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS whose URI matches
# /Layouts/Landings/CentralLandings/<digits>/images/ (case-insensitive).
# - The content/http_uri pair checks that both path fragments are present; the pcre
#   (U = normalized URI, i = case-insensitive) requires them in order with only digits
#   between.
# - This text carries two references (VirusTotal analysis, doc.emergingthreats.net) and
#   places classtype before them; the cvsweb reference seen in the 2011-02-04 entry on
#   this page is absent, with rev unchanged at 3.
# - A hit shows a request to a matching path, not a completed download; verify against
#   the response and the destination host.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Potential Gemini/Fake AV Download URL Detected"; flow:established,to_server; content:"/Layouts/Landings/CentralLandings/"; nocase; http_uri; content:"/images/"; nocase; http_uri; pcre:"/\x2FLayouts\x2FLandings\x2FCentralLandings\x2F\d+\x2Fimages\x2F/Ui"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791; reference:url,doc.emergingthreats.net/2010450; sid:2010450; rev:3;)

Added 2011-09-14 22:43:00 UTC


# sid 2010450, rev 3 as listed on 2011-02-04: the first entry on this page that uses
# content + http_uri where the rev:2 text used uricontent; the strings, the pcre and
# the rule header are the same as in rev:2.
# - Fires on established, to_server TCP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS
#   when the URI contains both path fragments and the pcre confirms the layout
#   /Layouts/Landings/CentralLandings/<digits>/images/ (U = normalized URI, i = nocase).
# - Three references here: VirusTotal analysis, the cvsweb signature path, and the
#   doc.emergingthreats.net page for this sid.
# - URI-pattern match only; corroborate an alert with the destination host and the
#   server response before treating it as an infection.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Potential Gemini/Fake AV Download URL Detected"; flow:established,to_server; content:"/Layouts/Landings/CentralLandings/"; nocase; http_uri; content:"/images/"; nocase; http_uri; pcre:"/\x2FLayouts\x2FLandings\x2FCentralLandings\x2F\d+\x2Fimages\x2F/Ui"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gemini; reference:url,doc.emergingthreats.net/2010450; sid:2010450; rev:3;)

Added 2011-02-04 17:29:59 UTC


# sid 2010450, rev 2 (2009-12-16): same match as rev 1 on this page, with the
# doc.emergingthreats.net reference added.
# - Uses the older uricontent keyword for both URI strings; the rev:3 entries on this
#   page express the same strings as content + http_uri.
# - Scope: established client-to-server TCP, $HOME_NET -> $EXTERNAL_NET, $HTTP_PORTS only.
# - The pcre (\x2F is "/"; U = normalized URI, i = case-insensitive) requires
#   /Layouts/Landings/CentralLandings/<digits>/images/ in that order; the two uricontent
#   matches alone do not constrain order.
# - Alert means a request with this URI shape was seen; it does not show that anything
#   was delivered or executed.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Potential Gemini/Fake AV Download URL Detected"; flow:established,to_server; uricontent:"/Layouts/Landings/CentralLandings/"; nocase; uricontent:"/images/"; nocase; pcre:"/\x2FLayouts\x2FLandings\x2FCentralLandings\x2F\d+\x2Fimages\x2F/Ui"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gemini; reference:url,doc.emergingthreats.net/2010450; sid:2010450; rev:2;)

Added 2009-12-16 09:00:47 UTC


# sid 2010450, rev 2: this listing has the same rule text and the same "Added"
# timestamp as the neighbouring rev:2 entry on this page, so it looks like a duplicate
# record, not a separate change.
# - Matches established, to_server HTTP-port traffic from $HOME_NET to $EXTERNAL_NET
#   whose URI contains "/Layouts/Landings/CentralLandings/" and "/images/" (uricontent,
#   nocase) and satisfies the pcre for .../CentralLandings/<digits>/images/.
# - pcre flags: U = evaluate against the normalized URI, i = case-insensitive.
# - Detection is by URI path only; check the destination and response when triaging.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Potential Gemini/Fake AV Download URL Detected"; flow:established,to_server; uricontent:"/Layouts/Landings/CentralLandings/"; nocase; uricontent:"/images/"; nocase; pcre:"/\x2FLayouts\x2FLandings\x2FCentralLandings\x2F\d+\x2Fimages\x2F/Ui"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gemini; reference:url,doc.emergingthreats.net/2010450; sid:2010450; rev:2;)

Added 2009-12-16 09:00:47 UTC


# sid 2010450, rev 1 (2009-12-03): earliest text listed on this page.
# - Alerts on established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on
#   $HTTP_PORTS when the URI carries both "/Layouts/Landings/CentralLandings/" and
#   "/images/" (uricontent, case-insensitive).
# - The pcre then requires the full shape /Layouts/Landings/CentralLandings/<digits>/images/
#   (\x2F is "/", \d+ is one or more digits; U = normalized URI, i = case-insensitive).
# - References: a VirusTotal analysis and the cvsweb signature path; the
#   doc.emergingthreats.net reference appears only from rev 2 onward on this page.
# - The rule keys on URI shape alone, so an alert is a lead to investigate and needs
#   host and response context before it is treated as a confirmed infection.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Potential Gemini/Fake AV Download URL Detected"; flow:established,to_server; uricontent:"/Layouts/Landings/CentralLandings/"; nocase; uricontent:"/images/"; nocase; pcre:"/\x2FLayouts\x2FLandings\x2FCentralLandings\x2F\d+\x2Fimages\x2F/Ui"; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gemini; sid:2010450; rev:1;)

Added 2009-12-03 23:15:43 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 