# sid 2012643, rev 2 -- retired: the msg prefix is "ET DELETED" and the rule line is commented out,
# so an engine loading this file does not evaluate it.
# Logic: established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET on any port; method
# GET (nocase, http_method); URI containing "/sogou" (http_uri, case-sensitive); then a pcre on
# the normalized URI (U flag) requiring "/sogou/" or "/sogouconfig/".
# The pcre's i flag is narrower than it looks: the case-sensitive content match on "/sogou" must
# also hit, so mixed-case variants of that segment do not alert.
# The only discriminator is a short URI path segment on any destination port, so every request
# carrying that path alerts. The page does not state why the rule was retired.
# NOTE(review): this entry carries rev:2 while the entry dated 2012-03-19 on this page carries
# rev:3 -- confirm which revision number rule-management tooling should treat as current.
# reference: external sandbox report keyed by the sample MD5; metadata records created/updated dates.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Trojan-Clicker.Win32.Agent.qqf Checkin"; flow:to_server,established; content:"GET"; nocase; http_method; content:"|2f|sogou"; http_uri; pcre:"/\x2fsogou(config)?\x2f/Ui"; reference:url,www.threatexpert.com/report.aspx?md5=f468778836fd27a2ccca88c99f6dd3e9; classtype:trojan-activity; sid:2012643; rev:2; metadata:created_at 2011_04_06, updated_at 2011_04_06;)

Added 2017-08-07 21:05:48 UTC


# sid 2012643, rev 2 -- retired ("ET DELETED" in msg) and commented out, so it is not loaded.
# Same detection options as the newer entry on this page but without the metadata keyword:
# established client-to-server HTTP, any destination port, method GET (nocase), URI containing
# "/sogou" (case-sensitive http_uri content), then pcre on the normalized URI (U flag) for
# "/sogou/" or "/sogouconfig/".
# The i flag on the pcre is constrained by the case-sensitive content match, which must also hit.
# NOTE(review): rev:2 here follows a rev:3 entry dated 2012-03-19 on this page -- confirm the
# intended revision ordering before relying on rev for change tracking.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Trojan-Clicker.Win32.Agent.qqf Checkin"; flow:to_server,established; content:"GET"; nocase; http_method; content:"|2f|sogou"; http_uri; pcre:"/\x2fsogou(config)?\x2f/Ui"; reference:url,www.threatexpert.com/report.aspx?md5=f468778836fd27a2ccca88c99f6dd3e9; classtype:trojan-activity; sid:2012643; rev:2;)

Added 2014-10-20 18:04:18 UTC


# sid 2012643, rev 3 -- active raw-TCP form, limited to destination ports 3366 and 8081.
# Logic: established client-to-server stream; "GET " (nocase) must be the first four payload
# bytes (depth:4); "/sogou" must be found within 32 bytes after that match (within:32); the pcre
# then requires "/sogou/" or "/sogouconfig/".
# The pcre has no R flag, so it is evaluated against the payload as a whole rather than relative
# to the previous content match, and with no i flag it is case-sensitive.
# No HTTP buffers are used: the match is on raw bytes, and the same request sent to a port other
# than 3366 or 8081 is not covered by this revision.
# The only change visible against the rev:2 entry dated 2011-10-12 is the added nocase on "GET ".
alert tcp $HOME_NET any -> $EXTERNAL_NET [3366,8081] (msg:"ET TROJAN Trojan-Clicker.Win32.Agent.qqf Checkin"; flow:to_server,established; content:"GET "; nocase; depth:4; content:"|2f|sogou"; within:32; pcre:"/\x2fsogou(config)?\x2f/"; reference:url,www.threatexpert.com/report.aspx?md5=f468778836fd27a2ccca88c99f6dd3e9; classtype:trojan-activity; sid:2012643; rev:3;)

Added 2012-03-19 23:39:12 UTC


# sid 2012643, rev 2 -- raw-TCP form, limited to destination ports 3366 and 8081.
# Logic: established client-to-server stream; "GET " must be the first four payload bytes
# (depth:4) and is matched case-sensitively in this revision; "/sogou" must be found within
# 32 bytes after it (within:32); the pcre then requires "/sogou/" or "/sogouconfig/".
# The pcre carries no flags, so it is case-sensitive and not relative to the previous match.
# Matching is on raw payload bytes only; requests to other destination ports are not inspected.
alert tcp $HOME_NET any -> $EXTERNAL_NET [3366,8081] (msg:"ET TROJAN Trojan-Clicker.Win32.Agent.qqf Checkin"; flow:to_server,established; content:"GET "; depth:4; content:"|2f|sogou"; within:32; pcre:"/\x2fsogou(config)?\x2f/"; reference:url,www.threatexpert.com/report.aspx?md5=f468778836fd27a2ccca88c99f6dd3e9; classtype:trojan-activity; sid:2012643; rev:2;)

Added 2011-10-12 19:34:51 UTC


# sid 2012643, rev 2 -- earliest entry on this page; raw-TCP form for destination ports 3366 and 8081.
# Logic: established client-to-server stream; "GET " as the first four payload bytes (depth:4,
# case-sensitive); "/sogou" within 32 bytes after it (within:32); pcre requiring "/sogou/" or
# "/sogouconfig/" (no flags: case-sensitive, not relative to the previous match).
# Differs from the entry dated 2011-10-12 only in that classtype precedes reference; neither
# keyword takes part in matching, so the detection logic is the same under the same rev number.
alert tcp $HOME_NET any -> $EXTERNAL_NET [3366,8081] (msg:"ET TROJAN Trojan-Clicker.Win32.Agent.qqf Checkin"; flow:to_server,established; content:"GET "; depth:4; content:"|2f|sogou"; within:32; pcre:"/\x2fsogou(config)?\x2f/"; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=f468778836fd27a2ccca88c99f6dd3e9; sid:2012643; rev:2;)

Added 2011-04-06 17:38:10 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 