# sid 2014347, rev 4 - "ET TROJAN Peed Checkin": outbound HTTP POST check-in from a host in $HOME_NET.
# Match logic, in rule order:
#   - established flow, client-to-server, destination port in $HTTP_PORTS
#   - method POST (nocase) and ".php" somewhere in the URI
#   - raw-payload match (no http_* modifier) on " HTTP/1.1\r\nHost: ", so "Host: " must directly
#     follow the request line
#   - header buffer contains the byte-exact run
#     "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nConnection: close\r\n\r\n"
#     and contains no "User-Agent:" header
#   - request body begins with "aa1020R0=" (depth:9, chosen as fast_pattern) and contains
#     "%3D%0D%0A" (URL-encoded "=\r\n") starting at body offset 109 or later
# The two md5 references are the sample hashes cited for this signature.
# NOTE(review): the header and body matches are byte-exact; traffic that reorders headers, sends a
# User-Agent, or uses a port outside $HTTP_PORTS will not alert. Treat a lack of hits as weak
# evidence and corroborate with host-side checks for the referenced hashes.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Peed Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:".php"; http_uri; content:"|20|HTTP/1.1|0d 0a|Host|3a 20|"; content:"Content-Type|3a| application/x-www-form-urlencoded|3b 20|charset=UTF-8|0d 0a|Connection|3a| close|0d 0a 0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; content:"aa1020R0="; depth:9; fast_pattern; http_client_body; content:"%3D%0D%0A"; offset:109; http_client_body; reference:md5,142ff7d3d931ecfa9a06229842ceefc4; reference:md5,df690cbf6e33e9ee53fdcfc456dc4c1f; classtype:trojan-activity; sid:2014347; rev:4;)

Added 2012-03-31 09:36:54 UTC


# sid 2014347, rev 3 - earlier revision of "ET TROJAN Peed Checkin", kept as history; rev 4 of the
# same sid appears on this page with a later "Added" timestamp.
# Method, URI and header conditions: POST (nocase), ".php" in the URI, "Host: " directly after the
# request line, the byte-exact Content-Type / Connection: close header run, and no "User-Agent:".
# Body conditions here are cursor-relative: file_data sets the cursor, "aa1020R0=" must match
# within the first 9 bytes from it (fast_pattern), and "%3D%0D%0A" must start at least 100 bytes
# after the end of that match.
# NOTE(review): this is a to_server rule; file_data presumably did not expose the HTTP request body
# in sensor versions of that period, which would explain rev 4's switch to http_client_body -
# confirm against your engine's documentation before reusing this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Peed Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:".php"; http_uri; content:"|20|HTTP/1.1|0d 0a|Host|3a 20|"; content:"Content-Type|3a| application/x-www-form-urlencoded|3b 20|charset=UTF-8|0d 0a|Connection|3a| close|0d 0a 0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; file_data; content:"aa1020R0="; within:9; fast_pattern; content:"%3D%0D%0A"; distance:100; reference:md5,142ff7d3d931ecfa9a06229842ceefc4; reference:md5,df690cbf6e33e9ee53fdcfc456dc4c1f; classtype:trojan-activity; sid:2014347; rev:3;)

Added 2012-03-27 00:27:12 UTC


# sid 2014347, rev 2 - oldest revision of "ET TROJAN Peed Checkin" on this page, kept as history.
# Conditions: method POST (no nocase, so the match is case-sensitive), ".php" in the URI, "Host: "
# directly after the request line, the byte-exact Content-Type / Connection: close header run, and
# no "User-Agent:" header.
# Body conditions are cursor-relative: after file_data, "aa1020R0=" must match within the first
# 9 bytes (fast_pattern) and "%3D%0D%0A" must start at least 100 bytes after that match ends.
# NOTE(review): file_data is used on a to_server rule; whether it covers the request body depends on
# the engine version - confirm, and prefer the highest rev of this sid when deploying.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Peed Checkin"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri; content:"|20|HTTP/1.1|0d 0a|Host|3a 20|"; content:"Content-Type|3a| application/x-www-form-urlencoded|3b 20|charset=UTF-8|0d 0a|Connection|3a| close|0d 0a 0d 0a|"; http_header; content:!"User-Agent|3a|"; http_header; file_data; content:"aa1020R0="; within:9; fast_pattern; content:"%3D%0D%0A"; distance:100; reference:md5,142ff7d3d931ecfa9a06229842ceefc4; reference:md5,df690cbf6e33e9ee53fdcfc456dc4c1f; classtype:trojan-activity; sid:2014347; rev:2;)

Added 2012-03-08 18:30:48 UTC

