2003182 (revision 1)

alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET TROJAN Prg Trojan v0.1-v0.3 Data Upload"; flow:to_server,established; content:"POST"; uricontent:"php?"; content:"Content-Type|3a20|binary"; within:512; content:"LLAH"; within:512; reference:url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf; classtype:trojan-activity; sid:2003182; rev:3;)

Added 2008-01-31 10:12:23 UTC



alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"BLEEDING-EDGE TROJAN Prg Trojan v0.1-v0.3 Data Upload"; flow:to_server,established; content:"POST"; uricontent:"php?"; content:"Content-Type|3a20|binary"; within:512; content:"LLAH"; within:512; reference:url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf; classtype:trojan-activity; sid:2003182; rev:2;)

Added 2007-03-27 03:15:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"BLEEDING-EDGE TROJAN Prg Trojan v0.1-v0.3 Data Upload"; flow:to_server,established; content:"POST"; uricontent:"php?"; content:"Content-Type|3a20|binary"; within:512; content:"TLLAH"; within:512; reference:url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf; classtype:trojan-activity; sid:2003182; rev:1;)



Topic revision: r1 - 2008-07-07 - TomBicer
 