alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ZeroAccess Response From P2P Botnet CnC"; flow:established,from_server; content:"|E5 AA C0 31|"; depth:4; content:"|5B 74|"; distance:5; within:2; content:"|C1|"; distance:4; within:2; classtype:trojan-activity; sid:2013912; rev:2;)

Added 2011-11-11 17:39:45 UTC


Topic revision: r1 - 2011-11-11 - TWikiGuest
 