alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Chinese Bootkit Checkin"; flow:established,to_server; content:".aspx"; http_uri; content:"a=Windows"; nocase; http_uri; content:"&b="; http_uri; content:"&c="; http_uri; content:"&f="; http_uri; content:"&k="; pcre:"/c=[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}/iU"; reference:url,www.securelist.com/en/blog/434/The_Chinese_bootkit; classtype:trojan-activity; sid:2012631; rev:5;)

Added 2014-09-12 16:28:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET [$HTTP_PORTS,8081] (msg:"ET CURRENT_EVENTS Chinese Bootkit Checkin"; flow:established,to_server; content:".aspx"; content:"a=Windows"; nocase; content:"&b="; content:"&c="; content:"&f="; content:"&k="; pcre:"/c=[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}/i"; reference:url,www.securelist.com/en/blog/434/The_Chinese_bootkit; classtype:trojan-activity; sid:2012631; rev:4;)

Added 2011-10-12 19:34:49 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET [$HTTP_PORTS,8081] (msg:"ET CURRENT_EVENTS Chinese Bootkit Checkin"; flow:established,to_server; content:".aspx"; content:"a=Windows"; nocase; content:"&b="; content:"&c="; content:"&f="; content:"&k="; pcre:"/c=[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}/i"; classtype:trojan-activity; reference:url,www.securelist.com/en/blog/434/The_Chinese_bootkit; sid:2012631; rev:4;)

Added 2011-04-06 17:38:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET [$HTTP_PORTS,8081] (msg:"ET CURRENT_EVENTS Chinese Bootkit Checkin"; flow:established,to_server; content:".aspx"; http_uri; content:"a=Windows"; nocase; http_uri; content:"&b="; http_uri; content:"&c="; http_uri; content:"&f="; http_uri; content:"&k="; pcre:"/c=[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}-[a-z0-9]{2}/iU"; classtype:trojan-activity; reference:url,www.securelist.com/en/blog/434/The_Chinese_bootkit; sid:2012631; rev:3;)

Added 2011-04-05 14:30:36 UTC


Topic revision: r1 - 2014-09-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats