alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Medfos/Midhos Checkin"; flow:to_server,established; content:"/id="; http_uri; content:"&rt="; distance:0; http_uri; content:"AAAAAAAAAAA"; http_uri; content:!"Accept|3a 20|"; http_header; content:!"Connection|3a 20|"; http_header; reference:md5,00da8acc14d0e827dbb1326c023fc720; reference:md5,8f561f46fb262cac6bb4cacf3e4e78a6; reference:md5,63491dcc8e897bf442599febe48b824d; classtype:trojan-activity; sid:2014722; rev:2;)

Added 2012-05-09 18:31:29 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Medfos/Midhos Checkin"; flow:to_server,established; content:"/id="; http_uri; content:"&rt="; distance:0; http_uri; content:"AAAAAAAAAAA"; http_uri; content:"VVVVVVVVVV"; http_uri; content:!"Accept|3a 20|"; http_header; content:!"Connection|3a 20|"; http_header; reference:md5,00da8acc14d0e827dbb1326c023fc720; reference:md5,8f561f46fb262cac6bb4cacf3e4e78a6; reference:md5,63491dcc8e897bf442599febe48b824d; classtype:trojan-activity; sid:2014722; rev:1;)

Added 2012-05-07 21:36:06 UTC


Topic revision: r1 - 2012-05-09 - TWikiGuest
 
Copyright © Emerging Threats