alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Meredrop/Nusump Checkin"; flow:established,to_server; content:"?id="; http_uri; content:"&co="; http_uri; content:"&us="; http_uri; content:"&os="; http_uri; content:"&vr="; http_uri; content:"&dt="; http_uri; fast_pattern:only; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FNusump&ThreatID=-2147329857; reference:url,www.threatexpert.com/report.aspx?md5=ef0616d75bd892ed69fe22a510079686; reference:url,www.threatexpert.com/report.aspx?md5=463cdec2df12a04d6ea1d015746ee950; classtype:trojan-activity; sid:2011489; rev:4;)

Added 2011-10-12 19:32:06 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Meredrop/Nusump Checkin"; flow:established,to_server; content:"?id="; http_uri; content:"&co="; http_uri; content:"&us="; http_uri; content:"&os="; http_uri; content:"&vr="; http_uri; content:"&dt="; http_uri; fast_pattern:only; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FNusump&ThreatID=-2147329857; reference:url,www.threatexpert.com/report.aspx?md5=ef0616d75bd892ed69fe22a510079686; reference:url,www.threatexpert.com/report.aspx?md5=463cdec2df12a04d6ea1d015746ee950; sid:2011489; rev:4;)

Added 2011-08-29 16:09:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Meredrop or similar Checkin"; flow:established,to_server; content:"?id="; http_uri; content:"&co="; http_uri; content:"&us="; http_uri; content:"&os="; http_uri; content:"&vr="; http_uri; content:"&dt="; http_uri; fast_pattern:only; classtype:trojan-activity; sid:2011489; rev:3;)

Added 2011-02-04 17:31:17 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Meredrop or similar Checkin"; flow:established,to_server; uricontent:"?id="; uricontent:"&co="; uricontent:"&us="; uricontent:"&os="; uricontent:"&vr="; uricontent:"&dt="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2011489; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Meredrop; sid:2011489; rev:2;)

Added 2010-09-13 23:44:03 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats