# sid 2014601, rev 4: Win32/Nitol.B check-in, client-to-server on an established
# TCP session from $HOME_NET to $EXTERNAL_NET, any port.
#
# Match logic, in order:
#   - dsize:536<>1029     packet payload size must fall in this range. Whether the
#                         bounds themselves are included differs between engines;
#                         confirm for the engine you deploy on.
#   - |01 00 00 00|       must be the first four payload bytes (depth:4).
#   - !|26|               the byte immediately after that header must NOT be 0x26 ('&').
#   - |26| x1, |26| x1    single 0x26 bytes at fixed relative distances (1, then 61).
#   - |26| x20, |26| x20  two 20-byte runs of 0x26 at relative distances 204 and 12.
# Each distance/within pair is relative to the end of the previous content match.
# NOTE(review): a negated content normally does not advance the relative cursor,
# so distance:1 is presumably still measured from the end of the 4-byte header.
# Confirm on your engine before relying on absolute offsets.
# NOTE(review): the 0x26 runs look like constant filler in a fixed-layout record;
# the rule alone does not say what the fields hold.
#
# The only change from rev 3 is the dsize upper bound (1028 -> 1029), which admits
# payloads one byte larger. The page does not record the reason.
#
# Coverage caveats for deployment:
#   - dsize is evaluated per packet, so a check-in split across TCP segments will
#     not satisfy this rule.
#   - Only $HOME_NET -> $EXTERNAL_NET is inspected. A mis-scoped $HOME_NET, or a
#     controller reachable inside $HOME_NET, falls outside the rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Nitol.B Checkin"; flow:from_client,established; dsize:536<>1029; content:"|01 00 00 00|"; depth:4; content:!"|26|"; distance:0; within:1; content:"|26|"; distance:1; within:1; content:"|26|"; distance:61; within:1; content:"|26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26|"; distance:204; within:20; content:"|26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26|"; distance:12; within:20; classtype:trojan-activity; sid:2014601; rev:4;)

Added 2013-09-19 21:36:42 UTC


# sid 2014601, rev 3 (superseded by rev 4, kept here as history).
# Same flow direction and content chain as rev 4: a |01 00 00 00| header in the
# first four payload bytes, a non-0x26 byte right after it, then 0x26 ('&') bytes
# and two 20-byte 0x26 runs at fixed relative distances.
# The only difference is the narrower size window, dsize:536<>1028, so the largest
# payload accepted by rev 4 is not matched here.
# Do not load rev 3 and rev 4 together: they share sid 2014601, and engines
# generally reject or override a duplicate sid.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Nitol.B Checkin"; flow:from_client,established; dsize:536<>1028; content:"|01 00 00 00|"; depth:4; content:!"|26|"; distance:0; within:1; content:"|26|"; distance:1; within:1; content:"|26|"; distance:61; within:1; content:"|26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26|"; distance:204; within:20; content:"|26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26|"; distance:12; within:20; classtype:trojan-activity; sid:2014601; rev:3;)

Added 2012-04-17 10:19:21 UTC

