# sid 2011388, rev 2: outbound HTTP check-in attributed by the rule's msg to the
# Bredolab/Hiloti/Mufanom downloader.
# Scope: established client-to-server TCP flows from $HOME_NET to $EXTERNAL_NET
# on $HTTP_PORTS only. Requests on ports outside $HTTP_PORTS are not inspected
# by this rule.
# Match logic, all conditions on the request URI:
#   - uricontent "/get2.php?c=" and "&d=", both case-insensitive (nocase);
#   - pcre with the U modifier (evaluated against the normalized URI buffer):
#     "/get2.php?c=" + exactly 8 characters A-Z + "&d=" + at least 250
#     characters from 0-9A-F, anchored to the end of the URI by "$".
# Coverage note: the pcre carries no "i" flag, so it is case-sensitive. The
# nocase on the two content matches therefore does not widen what finally
# alerts; the pcre is the effective constraint.
# Maintenance note: uricontent is the legacy Snort 2 keyword. Engines that no
# longer accept it express the same match as content with the http_uri modifier.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Hiloti/Mufanom Downloader Checkin 2"; flow:established,to_server; uricontent:"/get2.php?c="; nocase; uricontent:"&d="; nocase; pcre:"/\/get2\.php\?c=[A-Z]{8}&d=[0-9A-F]{250,}$/U"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fHiloti.gen!A; reference:url,doc.emergingthreats.net/2011388; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2011388; rev:2;)

Added 2010-08-25 10:01:43 UTC


# sid 2011388, rev 2, listed a second time on this page with identical rule text
# and the same "Added" timestamp. Load only one copy into a ruleset: sid/rev
# pairs are expected to be unique.
# Fires on an established client-to-server flow to $HTTP_PORTS whose URI
# contains "/get2.php?c=" and "&d=" and, per the case-sensitive pcre on the
# normalized URI, ends in 8 characters A-Z, "&d=", then 250 or more characters
# from 0-9A-F.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Hiloti/Mufanom Downloader Checkin 2"; flow:established,to_server; uricontent:"/get2.php?c="; nocase; uricontent:"&d="; nocase; pcre:"/\/get2\.php\?c=[A-Z]{8}&d=[0-9A-F]{250,}$/U"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fHiloti.gen!A; reference:url,doc.emergingthreats.net/2011388; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2011388; rev:2;)

Added 2010-08-25 10:01:43 UTC


# sid 2011388, rev 1 (superseded; kept here as revision history).
# NOTE(review): the content matches and the pcre disagree in this revision.
# uricontent requires "/get2.php?c=" in the URI, while the pcre looks for
# "/get.php?c=" (no "2") followed by 8 characters A-Z, "&d=" and 250 or more
# characters from 0-9A-F up to the end of the URI. A request of the shape the
# content matches describe does not satisfy the pcre, so this revision would
# not alert on the check-in it targets. The rev 2 text on this page changes
# the pcre to "get2\.php". Do not deploy rev 1.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Hiloti/Mufanom Downloader Checkin 2"; flow:established,to_server; uricontent:"/get2.php?c="; nocase; uricontent:"&d="; nocase; pcre:"/\/get\.php\?c=[A-Z]{8}&d=[0-9A-F]{250,}$/U"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fHiloti.gen!A; reference:url,doc.emergingthreats.net/2011388; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2011388; rev:1;)

Added 2010-08-25 08:46:29 UTC

