# sid 2011825, rev 9: alerts on an outbound HTTP GET from $HOME_NET whose normalized URI ends in
# "/news/?s=" followed by 1-6 digits, when the request carries no Referer header.
# - "alert http ... any" matches on the HTTP protocol with any destination port; the older
#   revisions on this page are "alert tcp" rules limited to $HTTP_PORTS.
# - content:!"|0d 0a|Referer|3a|" has no http_header modifier, so it is checked against the
#   payload rather than a parsed header buffer. Coverage is limited to Referer-less requests.
# - fast_pattern selects "/news/?s=" as the prefilter pattern; the pcre (/U = normalized URI)
#   then enforces the digit count and the end-of-URI anchor.
# NOTE(review): metadata says updated_at 2010_10_18, yet this page lists the revision as added
#   2017-08-07. Do not use updated_at to judge how current the rule is.
# NOTE(review): the match is a short path plus a numeric parameter. Corroborate alerts with the
#   destination host and DNS history before treating the source as infected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MUROFET/Licat Trojan"; flow:established,to_server; content:"GET"; nocase; http_method; content:!"|0d 0a|Referer|3a|"; nocase; content:"/news/?s="; fast_pattern; http_uri; pcre:"/news\/\?s=\d{1,6}$/U"; reference:url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html; classtype:trojan-activity; sid:2011825; rev:9; metadata:created_at 2010_10_18, updated_at 2010_10_18;)

Added 2017-08-07 21:04:53 UTC


# sid 2011825, rev 8: same detection logic as rev 7 (GET, no Referer, URI ending in
# "/news/?s=" plus 1-6 digits), with nocase added to the "GET" method match.
# - "alert tcp ... $HTTP_PORTS": only traffic to ports listed in $HTTP_PORTS is inspected, so
#   the same request sent to a port outside that variable would not alert.
# - No fast_pattern is set here; the engine chooses the prefilter pattern itself.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MUROFET/Licat Trojan"; flow:established,to_server; content:"GET"; nocase; http_method; content:!"|0d 0a|Referer|3a|"; nocase; content:"/news/?s="; http_uri; pcre:"/news\/\?s=\d{1,6}$/U"; reference:url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html; classtype:trojan-activity; sid:2011825; rev:8;)

Added 2012-03-19 23:39:08 UTC


# sid 2011825, rev 7 (entry added 2011-10-12): the match options are the same as in the two
# earlier rev 7 entries on this page. Only the option order differs (reference now precedes
# classtype), and the rev number was not bumped.
# - The "GET" method match is case-sensitive here (no nocase).
# - Scope is $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS only.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MUROFET/Licat Trojan"; flow:established,to_server; content:"GET"; http_method; content:!"|0d 0a|Referer|3a|"; nocase; content:"/news/?s="; http_uri; pcre:"/news\/\?s=\d{1,6}$/U"; reference:url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html; classtype:trojan-activity; sid:2011825; rev:7;)

Added 2011-10-12 19:32:39 UTC


# sid 2011825, rev 7 (entry added 2011-07-02 23:01): the rule text is identical to the rev 7
# entry added 2011-07-02 01:12 on this page; only the "Added" timestamp differs.
# Matches a GET to $EXTERNAL_NET on $HTTP_PORTS with no Referer header and a normalized URI
# ending in "/news/?s=" plus 1-6 digits.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MUROFET/Licat Trojan"; flow:established,to_server; content:"GET"; http_method; content:!"|0d 0a|Referer|3a|"; nocase; content:"/news/?s="; http_uri; pcre:"/news\/\?s=\d{1,6}$/U"; classtype:trojan-activity; reference:url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html; sid:2011825; rev:7;)

Added 2011-07-02 23:01:34 UTC


# sid 2011825, rev 7 (first rev 7 entry, added 2011-07-02 01:12). Visible changes from rev 5:
# - msg category moves from "ET CURRENT_EVENTS" to "ET TROJAN";
# - the pcre digit quantifier widens from \d{1,4} to \d{1,6}, so longer numeric "s" values
#   now match.
# All other options (http_method/http_uri buffers, negated Referer, "$" anchor) are unchanged.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MUROFET/Licat Trojan"; flow:established,to_server; content:"GET"; http_method; content:!"|0d 0a|Referer|3a|"; nocase; content:"/news/?s="; http_uri; pcre:"/news\/\?s=\d{1,6}$/U"; classtype:trojan-activity; reference:url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html; sid:2011825; rev:7;)

Added 2011-07-02 01:12:34 UTC


# sid 2011825, rev 5. Visible changes from rev 4:
# - the raw-payload method check (content:"GET "; depth:4) becomes content:"GET"; http_method,
#   and uricontent becomes content + http_uri;
# - the pcre now includes the "/" between "news" and "?" (news\/\?s=), so it agrees with the
#   "/news/?s=" content match;
# - "$" anchors the digits at the end of the URI, and the quantifier becomes \d{1,4}.
# Requests whose "s" value is longer than four digits do not match this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS MUROFET/Licat Trojan"; flow:established,to_server; content:"GET"; http_method; content:!"|0d 0a|Referer|3a|"; nocase; content:"/news/?s="; http_uri; pcre:"/news\/\?s=\d{1,4}$/U"; classtype:trojan-activity; reference:url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html; sid:2011825; rev:4;)

Added 2011-02-04 17:31:36 UTC


# sid 2011825, rev 4 (oldest revision on this page).
# - content:"GET "; nocase; depth:4 checks the first four payload bytes for the method instead
#   of using an HTTP method buffer.
# - uricontent:"/news/?s=" requires that string in the URI.
# NOTE(review): the pcre is /news\?s=\d{1,3}/U, with no "/" between "news" and "?". It needs
#   the literal "news?s=" followed by a digit, which a URI such as "/news/?s=123" does not
#   contain. Both options must match, so this revision presumably did not fire on the
#   intended requests. Later revisions use news\/\?s= instead.
# - There is no "$" anchor, so this pcre does not require the digits to end the URI.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS MUROFET/Licat Trojan"; flow:established,to_server; content:"GET "; nocase; depth:4; content:!"|0d 0a|Referer|3a|"; nocase; uricontent:"/news/?s="; pcre:"/news\?s=\d{1,3}/U"; classtype:trojan-activity; reference:url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html; sid:2011825; rev:4;)

Topic revision: r1 - 2010-10-28 - PhilipPlantamura
 