alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Sykipot Put"; flow:established,from_client; content:"/kys_allow_put.asp?type="; http_uri; content:"&hostname="; http_uri; reference:cve,CVE-2011-2462; reference:url,blog.9bplus.com/analyzing-cve-2011-2462; reference:url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html; classtype:trojan-activity; sid:2014007; rev:2; metadata:created_at 2011_12_08, updated_at 2011_12_08;)

Added 2017-08-07 21:07:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Backdoor.Win32.Sykipot Put"; flow:established,from_client; content:"/kys_allow_put.asp?type="; http_uri; content:"&hostname="; http_uri; reference:cve,CVE-2011-2462; reference:url,blog.9bplus.com/analyzing-cve-2011-2462; reference:url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html; classtype:trojan-activity; sid:2014007; rev:1;)

Added 2011-12-08 18:37:09 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats