#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; classtype:trojan-activity; sid:2003176; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2018-09-13 19:38:35 UTC
Added 2018-09-13 17:53:08 UTC
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; classtype:trojan-activity; sid:2003176; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2017-08-07 20:56:31 UTC
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; classtype:trojan-activity; sid:2003176; rev:5;)
Added 2011-10-12 19:12:59 UTC
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; sid:2003176; rev:5;)
Added 2011-09-14 22:25:56 UTC
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)
Added 2011-03-25 14:48:54 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)
Added 2011-02-04 17:22:17 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)
Added 2009-02-13 19:47:26 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)
Added 2009-02-13 19:47:26 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)
Added 2009-02-13 19:46:39 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)
Added 2009-02-13 19:46:39 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)
Added 2009-02-13 19:45:24 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)
Added 2009-02-13 19:45:24 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; sid:2003176; rev:4;)
Added 2008-01-31 10:12:24 UTC
Have seen fast and furious bittorrent falses on this one.
--
MikeWazowski - 13 May 2008
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; sid:2003176; rev:4;)
Added 2008-01-31 10:12:24 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; sid:2003176; rev:3;)