alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot User-Agent (Charon/Inferno)"; flow:established,to_server; content:"(Charon|3b| Inferno)"; http_user_agent; fast_pattern:only; classtype:trojan-activity; sid:2021641; rev:5;)

Added 2016-09-22 17:54:45 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Fareit/Pony Loader User-Agent (Charon/Inferno)"; flow:established,to_server; content:"(Charon|3b| Inferno)"; http_user_agent; fast_pattern:only; classtype:trojan-activity; sid:2021641; rev:4;)

Added 2016-08-25 16:52:12 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Fareit/Pony Loader User-Agent"; flow:established,to_server; content:"(Charon|3b| Inferno)"; http_user_agent; fast_pattern:only; classtype:trojan-activity; sid:2021641; rev:3;)

Added 2015-08-17 18:58:12 UTC


Topic revision: r1 - 2016-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats