##alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET DELETED Unknown Web Backdoor Keep-Alive"; flow:established,to_server; urilen:13; content:"POST"; http_method; nocase; content:"/bbs/info.asp"; http_uri; classtype:trojan-activity; sid:2012250; rev:3;)

Added 2014-06-19 18:11:42 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Unknown Web Backdoor Keep-Alive"; flow:established,to_server; content:"POST /bbs/info.asp "; depth:19; dsize:<170; classtype:trojan-activity; sid:2012250; rev:1;)

Added 2012-07-31 21:24:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Unknown Web Backdoor Keep-Alive"; flow:established,to_server; content:"POST /bbs/info.asp "; depth:19; dsize:<170; classtype:trojan-activity; sid:2012250; rev:1;)

Added 2011-11-16 19:57:11 UTC


Topic revision: r1 - 2014-06-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats