# sid 2014728 rev 6: "ET TROJAN Smoke Loader Checkin r=gate".
# Scope: established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET on any
#   destination port. The "http" protocol keyword selects traffic by application-layer
#   identification, not by port.
# URI: must contain ".php?r=gate&", then "&group=", then "&debug=" in that order.
#   distance:0 only requires each pattern to start at or after the end of the previous
#   match, so other parameters may sit between them. Because the first pattern ends in
#   '&' and the second starts with '&', at least one other parameter has to appear
#   between r=gate and group.
# Headers: must contain "5.0 (Windows; U; MSIE 9". |3b| is the hex escape for ';',
#   which would otherwise terminate the option.
# NOTE(review): no content carries nocase, so every match is case-sensitive.
# NOTE(review): http_header searches the whole header buffer; the fragment looks like a
#   User-Agent value but is not anchored to that header name. Confirm this is intended.
# NOTE(review): reference:md5 names one sample only. An alert marks the internal source
#   host for triage; it does not by itself establish what was downloaded afterwards.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Smoke Loader Checkin r=gate"; flow:established,to_server; content:".php?r=gate&"; http_uri; content:"&group="; http_uri; distance:0; content:"&debug="; http_uri; distance:0; content:"5.0 (Windows|3b| U|3b| MSIE 9"; http_header; reference:md5,7ef1e61d9b394a972516cc453bf0ec06; classtype:trojan-activity; sid:2014728; rev:6;)

Added 2014-11-06 18:18:23 UTC


# sid 2014728 rev 4: "ET TROJAN Smoke Loader Checkin r=gate".
# Scope: established client-to-server TCP from $HOME_NET to $EXTERNAL_NET, limited to
#   destination ports listed in $HTTP_PORTS. A check-in sent to a port outside that
#   variable is not inspected by this revision; keep $HTTP_PORTS in line with the ports
#   the sensor really sees HTTP on.
# URI: ".php?r=gate&", then "&group=", then "&debug=" in order. distance:0 lets other
#   parameters sit between them, and the shared '&' boundary means at least one
#   parameter must separate r=gate from group.
# Headers: must contain "5.0 (Windows; U; MSIE 9" (|3b| is the hex escape for ';').
# NOTE(review): matches are case-sensitive (no nocase), and http_header is not anchored
#   to the User-Agent header name.
# NOTE(review): "reference: md5," has a space after the colon, unlike the other
#   options on this line. Confirm the rule parser in use accepts it.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smoke Loader Checkin r=gate"; flow:established,to_server; content:".php?r=gate&"; http_uri; content:"&group="; http_uri; distance:0; content:"&debug="; http_uri; distance:0; content:"5.0 (Windows|3b| U|3b| MSIE 9"; http_header; reference: md5,7ef1e61d9b394a972516cc453bf0ec06; classtype:trojan-activity; sid:2014728; rev:4;)

Added 2014-03-24 20:26:47 UTC


# sid 2014728 rev 3: "ET TROJAN Smoke Loader Checkin r=gate".
# Scope: established client-to-server TCP from $HOME_NET to $EXTERNAL_NET, limited to
#   destination ports listed in $HTTP_PORTS. HTTP on other ports is out of scope for
#   this revision.
# URI: ".php?r=gate&", then "&group=", then "&debug=" in order. distance:0 makes each
#   pattern relative to the end of the previous match, with no upper bound on the gap.
# Headers: must contain "5.0 (Windows; U; MSIE 9" (|3b| is the hex escape for ';').
# NOTE(review): matches are case-sensitive (no nocase), and http_header is not anchored
#   to the User-Agent header name.
# NOTE(review): reference:md5 points to sample fafada188ce47a1459f4fcea487f06b5. Keep the
#   hash with the rule when archiving so an alert can be tied back to its sample.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smoke Loader Checkin r=gate"; flow:established,to_server; content:".php?r=gate&"; http_uri; content:"&group="; http_uri; distance:0; content:"&debug="; http_uri; distance:0; content:"5.0 (Windows|3b| U|3b| MSIE 9"; http_header; reference:md5,fafada188ce47a1459f4fcea487f06b5; classtype:trojan-activity; sid:2014728; rev:3;)

Added 2012-05-09 18:31:30 UTC

