# sid 2015808, rev 5: HTTP-keyword form of the outbound Taidoor check-in signature.
# Matches an established client-to-server request from $HOME_NET whose normalized URI is
# exactly 32 bytes: "/" + 5 lowercase letters + ".php?id=" + 18 characters of [A-Z0-9]
# (1 + 5 + 8 + 18 = 32). offset:6 / depth:8 pins ".php?id=" to that position, and the
# pcre (/U = normalized URI buffer) enforces the full shape.
# The User-Agent buffer must also contain "MSIE 6.0;" (|3b| is ';').
# The request method is not constrained in this revision.
# Coverage caveat: the rule depends on the HTTP parser, so it only sees cleartext HTTP;
# the same request carried inside TLS is not inspected without decryption.
# Triage note: the match is structural (URI shape plus a User-Agent substring), so
# confirm alerts against host and destination context before treating them as compromise.
# NOTE(review): metadata carries updated_at 2012_10_17 although this is rev 5 - confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Taidoor Checkin"; flow:established,to_server; urilen:32; content:".php?id="; http_uri; offset:6; depth:8; pcre:"/^\/[a-z]{5}\.php\?id=[A-Z0-9]{18}$/U"; content:"MSIE 6.0|3b|"; http_user_agent; reference:md5,f4b8b51b75f67e68d0c1a9639e2488c3; classtype:trojan-activity; sid:2015808; rev:5; metadata:created_at 2012_10_17, updated_at 2012_10_17;)

Added 2017-08-07 21:09:25 UTC


# sid 2015808, rev 1: raw-TCP form of the Taidoor check-in signature, with an md5 reference.
# The payload must begin with "GET " (depth:4). ".php?id=" must start exactly 6 bytes after
# that match (distance:6, within:8), i.e. after "/" plus 5 characters; it is also the fast_pattern.
# The pcre is anchored at the start of the payload and requires the whole request line:
# GET /<5 lowercase letters>.php?id=<18 chars of A-Z0-9> HTTP/1.0 or HTTP/1.1, then CRLF.
# "MSIE 6.0;" (|3b| is ';') must follow the earlier match (distance:0); it is matched on raw
# bytes and is not tied to the User-Agent header, so it may match elsewhere in the payload.
# Coverage caveat: 443 is in the port list, but matching is on raw payload bytes, so the rule
# fires on 443 only when the request is sent unencrypted.
# NOTE(review): rev is still 1 although the rule text differs from the other rev:1 entries
# on this page (reference added) - alerts cannot be told apart by rev alone.
alert tcp $HOME_NET any -> $EXTERNAL_NET [$HTTP_PORTS,443] (msg:"ET TROJAN Taidoor Checkin"; flow:established,to_server; content:"GET "; depth:4; content:".php?id="; fast_pattern; distance:6; within:8; pcre:"/^GET\s\/[a-z]{5}\.php\?id=[A-Z0-9]{18}\sHTTP\/1\.[0-1]\r\n/"; content:"MSIE 6.0|3b|"; distance:0; reference:md5,f4b8b51b75f67e68d0c1a9639e2488c3; classtype:trojan-activity; sid:2015808; rev:1;)

Added 2014-04-21 19:36:52 UTC


# sid 2015808, rev 1: raw-TCP Taidoor check-in signature with msg "Taidoor Checkin" and no
# reference option.
# Detection logic: payload starts with "GET " (depth:4); ".php?id=" sits exactly 6 bytes later
# (distance:6, within:8); the start-anchored pcre requires the full request line
# "GET /<5 lowercase>.php?id=<18 of A-Z0-9> HTTP/1.0|1.1" followed by CRLF; "MSIE 6.0;" must
# appear after the earlier match (distance:0) anywhere in the raw payload.
# Coverage caveat: traffic to 443 is only matched when it is cleartext HTTP, because the rule
# inspects raw bytes rather than decrypted content.
alert tcp $HOME_NET any -> $EXTERNAL_NET [$HTTP_PORTS,443] (msg:"ET TROJAN Taidoor Checkin"; flow:established,to_server; content:"GET "; depth:4; content:".php?id="; fast_pattern; distance:6; within:8; pcre:"/^GET\s\/[a-z]{5}\.php\?id=[A-Z0-9]{18}\sHTTP\/1\.[0-1]\r\n/"; content:"MSIE 6.0|3b|"; distance:0; classtype:trojan-activity; sid:2015808; rev:1;)

Added 2013-06-11 21:40:32 UTC


# sid 2015808, rev 1: earliest entry on this page, with msg "ET TROJAN Taidoor C2".
# Detection logic: established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS or 443; payload starts with "GET " (depth:4); ".php?id=" is the fast_pattern and
# must start exactly 6 bytes after "GET " (distance:6, within:8); the start-anchored pcre
# requires "GET /<5 lowercase>.php?id=<18 of A-Z0-9> HTTP/1.0|1.1" plus CRLF; "MSIE 6.0;"
# (|3b| is ';') must follow on raw bytes (distance:0), not specifically in the User-Agent header.
# Coverage caveat: matching is on raw payload, so TLS-encrypted sessions on 443 are not covered.
# NOTE(review): msg text differs from the other entries for this sid - searches keyed on the
# message string should account for both "Taidoor C2" and "Taidoor Checkin".
alert tcp $HOME_NET any -> $EXTERNAL_NET [$HTTP_PORTS,443] (msg:"ET TROJAN Taidoor C2"; flow:established,to_server; content:"GET "; depth:4; content:".php?id="; fast_pattern; distance:6; within:8; pcre:"/^GET\s\/[a-z]{5}\.php\?id=[A-Z0-9]{18}\sHTTP\/1\.[0-1]\r\n/"; content:"MSIE 6.0|3b|"; distance:0; classtype:trojan-activity; sid:2015808; rev:1;)

Added 2012-10-17 00:37:38 UTC

