alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN DNSTrojan FakeAV? Dropper Activity Observed (1)"; flow:established,to_server; content:"v="; http_uri; nocase; content:"&step="; http_uri; nocase; content:"&hostid="; http_uri; nocase; reference:url,www.abuse.ch/?p=2740; reference:url,www.abuse.ch/?p=2796; reference:url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88; reference:url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139; classtype:trojan-activity; sid:2011577; rev:3; metadata:created_at 2010_09_27, updated_at 2010_09_27;)

Added 2017-08-07 21:04:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN DNSTrojan FakeAV? Dropper Activity Observed (1)"; flow:established,to_server; content:"v="; http_uri; nocase; content:"&step="; http_uri; nocase; content:"&hostid="; http_uri; nocase; reference:url,www.abuse.ch/?p=2740; reference:url,www.abuse.ch/?p=2796; reference:url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88; reference:url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139; classtype:trojan-activity; sid:2011577; rev:2;)

Added 2011-10-12 19:32:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN DNSTrojan FakeAV? Dropper Activity Observed (1)"; flow:established,to_server; content:"v="; http_uri; nocase; content:"&step="; http_uri; nocase; content:"&hostid="; http_uri; nocase; classtype:trojan-activity; reference:url,www.abuse.ch/?p=2740; reference:url,www.abuse.ch/?p=2796; reference:url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88; reference:url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139; sid:2011577; rev:2;)

Added 2011-02-04 17:31:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN DNSTrojan FakeAV? Dropper Activity Observed (1)"; flow:established,to_server; uricontent:"v="; nocase; uricontent:"&step="; nocase; uricontent:"&hostid="; nocase; classtype:trojan-activity; reference:url,www.abuse.ch/?p=2740; reference:url,www.abuse.ch/?p=2796; reference:url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88; reference:url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139; sid:2011577; rev:1;)

Topic revision: r1 - 2010-10-28 - PhilipPlantamura
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats