alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Agent2.fher Related User-Agent (Microsoft Internet Updater)"; flow:established,to_server; content:"User-Agent|3a| Microsoft|20|Internet|20|Updater|0d 0a|"; http_header; fast_pattern:12,20; reference:md5,2c832d51e4e72dc3939c224cc282152c; classtype:trojan-activity; sid:2015528; rev:4; metadata:created_at 2012_07_26, updated_at 2012_07_26;)

Added 2017-08-07 21:09:07 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET [5080,$HTTP_PORTS] (msg:"ET TROJAN Win32.Agent2.fher Related User-Agent (Microsoft Internet Updater)"; flow:established,to_server; content:"User-Agent|3a| Microsoft|20|Internet|20|Updater|0d 0a|"; fast_pattern:12,20; reference:md5,2c832d51e4e72dc3939c224cc282152c; classtype:trojan-activity; sid:2015528; rev:3;)

Added 2012-07-30 21:02:07 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET [5080,$HTTP_PORTS] (msg:"ET TROJAN Trojan.Win32.Agent2.fher User-Agent (Microsoft Internet Updater)"; flow:established,to_server; content:"User-Agent|3a| Microsoft|20|Internet|20|Updater|0d 0a|"; fast_pattern:12,20; reference:md5,2c832d51e4e72dc3939c224cc282152c; classtype:trojan-activity; sid:2015528; rev:3;)

Added 2012-07-26 20:15:47 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats