alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Backdoor.Win32.Svlk Server Reply"; flow:from_server,established; dsize:44; content:"|33 39 0d ff 0a c4 e5 9f d5 ec 58 4a 69|"; depth:13; reference:url,www.threatexpert.com/report.aspx?md5=c929e8c75901c7e50685df0445a38bd0; classtype:trojan-activity; sid:2013892; rev:1;)

Added 2011-11-16 19:57:13 UTC


Topic revision: r1 - 2011-11-17 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats