alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Riberow.A (mkdir)"; flow:to_server,established; content:"/mkdir.php?dir="; http_uri; content:" HTTP/1.1|0d 0a|Host|3a| "; content:"|0d 0a|Pragma|3a| no-cache|0d 0a|Accept|3a| */*|0d 0a 0d 0a|"; within:70; content:!"User-Agent|3a|"; http_header; reference:url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e; classtype:trojan-activity; sid:2013669; rev:1;)

Added 2011-10-12 19:37:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Riberow.A (mkdir)"; flow:to_server,established; content:"/mkdir.php?dir="; http_uri; content:" HTTP/1.1|0d 0a|Host|3a| "; content:"|0d 0a|Pragma|3a| no-cache|0d 0a|Accept|3a| */*|0d 0a 0d 0a|"; within:70; content:!"User-Agent|3a|"; http_header; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e; sid:2013669; rev:1;)

Added 2011-09-20 19:24:52 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats