alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Shiz/Rohimafo Binary Download Request"; flow:established,to_server; uricontent:".php?id="; nocase; uricontent:"&magic="; nocase; pcre:"/\.php\?id=\d+&magic=(-)?\d+$/U"; classtype:trojan-activity; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-041308-3301-99&tabid=2; reference:url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/; reference:url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6; reference:url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea; reference:url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab; reference:url,doc.emergingthreats.net/2010793; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredavi; sid:2010793; rev:4;)

Added 2010-09-17 12:47:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Shiz/Rohimafo Binary Download Request"; flow:established,to_server; uricontent:".php?id="; nocase; uricontent:"&magic="; nocase; pcre:"/\.php\?id=\d+&magic=(-)?\d+$/U"; classtype:trojan-activity; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-041308-3301-99&tabid=2; reference:url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/; reference:url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6; reference:url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea; reference:url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab; reference:url,doc.emergingthreats.net/2010793; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredavi; sid:2010793; rev:4;)

Added 2010-09-17 12:47:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredavi Binary Download Request"; flow:established,to_server; uricontent:".php?id="; nocase; uricontent:"&magic="; nocase; pcre:"/\.php\?id=\d+&magic=(-)?\d+$/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010793; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredavi; sid:2010793; rev:2;)

Added 2010-02-10 10:47:03 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredavi Binary Download Request"; flow:established,to_server; uricontent:".php?id="; nocase; uricontent:"&magic="; nocase; pcre:"/\.php\?id=\d+&magic=(-)?\d+$/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010793; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredavi; sid:2010793; rev:2;)

Added 2010-02-10 10:44:36 UTC


Topic revision: r1 - 2010-09-17 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats