# sid 2014618, rev 3, with a metadata keyword (created_at / updated_at 2012_04_19).
# DISABLED: the leading '#' comments the rule out, so it is not loaded as written.
# The page does not say why it is disabled.
# Scope: HTTP, $EXTERNAL_NET -> $HOME_NET, established flows, server-to-client direction only.
# Match: the literal "DZKS", then the literal "DZJS" within 50 bytes after the end of the first match.
# Both patterns are 4 bytes long and case-sensitive (no nocase).
# NOTE(review): presumably the two strings are the start/end markers of the embedded configuration
# described in the referenced Norman write-up -- confirm against that article.
# NOTE(review): no file_data or other buffer keyword precedes the content matches, so they are not
# anchored to the HTTP response body. Before re-enabling, test against benign traffic (short
# patterns) and confirm whether compressed response bodies are still inspected.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN W32/Sogu Remote Access Trojan Social Media Embedded CnC? Channel"; flow:established,to_client; content:"DZKS"; content:"DZJS"; within:50; reference:url,blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu; classtype:trojan-activity; sid:2014618; rev:3; metadata:created_at 2012_04_19, updated_at 2012_04_19;)

Added 2017-08-07 21:08:03 UTC


# sid 2014618, rev 3, without a metadata keyword.
# DISABLED: the leading '#' comments the rule out, so it is not loaded as written.
# Scope: HTTP, $EXTERNAL_NET -> $HOME_NET, established flows, server-to-client direction only.
# Match: the literal "DZKS", then the literal "DZJS" within 50 bytes after the end of the first match.
# Both patterns are case-sensitive; there is no file_data or other buffer keyword before them.
# NOTE(review): the short 4-byte patterns and the lack of a body anchor may explain why the rule
# ships disabled -- the page gives no reason, so confirm before re-enabling.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN W32/Sogu Remote Access Trojan Social Media Embedded CnC? Channel"; flow:established,to_client; content:"DZKS"; content:"DZJS"; within:50; reference:url,blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu; classtype:trojan-activity; sid:2014618; rev:3;)

Added 2014-09-09 17:58:11 UTC


# sid 2014618, rev 1. ENABLED: there is no leading '#', so this revision loads as written.
# Scope: TCP from $EXTERNAL_NET source ports in $HTTP_PORTS to $HOME_NET, established flows,
# server-to-client direction only. Responses from servers on ports outside $HTTP_PORTS are not
# covered by this header.
# Match: file_data moves inspection to the HTTP response body; "DZKS" is searched from that point
# (distance:0), then "DZJS" must occur within 50 bytes after the end of the first match.
# Both patterns are 4 bytes long and case-sensitive (no nocase).
# NOTE(review): presumably the two strings are the start/end markers of the embedded configuration
# described in the referenced Norman write-up -- confirm against that article.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN W32/Sogu Remote Access Trojan Social Media Embedded CnC? Channel"; flow:established,to_client; file_data; content:"DZKS"; distance:0; content:"DZJS"; within:50; reference:url,blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu; classtype:trojan-activity; sid:2014618; rev:1;)

Added 2012-04-19 18:16:43 UTC

