alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Simbot.Backdoor Checkin"; flow:established,to_server; content:"/rclgx.php?id="; depth:14; http_uri; reference:md5,a4edc9d31bc0ad763b3424e9306f4d7c; classtype:trojan-activity; sid:2014719; rev:2; metadata:created_at 2012_05_07, updated_at 2012_05_07;)

Added 2017-08-07 21:08:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN W32/Simbot.Backdoor Checkin"; flow:established,to_server; content:"GET /rclgx.php?id="; depth:18; reference:md5,a4edc9d31bc0ad763b3424e9306f4d7c; classtype:trojan-activity; sid:2014719; rev:1;)

Added 2012-05-07 21:36:05 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats