2006912 < Main < EmergingThreats

EmergingThreats>

Main Web>2006912 (2018-09-13, TWikiGuest)

EditAttach

#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED perlb0t/w0rmb0t Response (Case 3)"; flow:established,to_server; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|M.dia de envio|Tempo.|Total .)\x02/i"; reference:url,doc.emergingthreats.net/2006912; classtype:trojan-activity; sid:2006912; rev:10; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2018-09-13 19:39:14 UTC

Added 2018-09-13 17:53:31 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED perlb0t/w0rmb0t Response (Case 3)"; flow:established,to_server; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|M.dia de envio|Tempo.|Total .)\x02/i"; reference:url,doc.emergingthreats.net/2006912; classtype:trojan-activity; sid:2006912; rev:10; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:00:09 UTC

##alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED perlb0t/w0rmb0t Response (Case 3)"; flow:established,to_server; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|M.dia de envio|Tempo.|Total .)\x02/i"; reference:url,doc.emergingthreats.net/2006912; classtype:trojan-activity; sid:2006912; rev:10;)

Added 2011-10-21 14:50:59 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|M.dia de envio|Tempo.|Total .)\x02/i"; reference:url,doc.emergingthreats.net/2006912; classtype:trojan-activity; sid:2006912; rev:8;)

Added 2011-10-12 19:21:51 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|M.dia de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2006912; sid:2006912; rev:8;)

Added 2011-09-14 22:35:23 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|M.dia de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2006912; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006912; rev:8;)

Added 2011-02-04 17:25:55 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|M.dia de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2006912; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006912; rev:8;)

Added 2010-07-15 03:01:02 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|M.dia de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2006912; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006912; rev:8;)

Added 2010-07-15 03:01:02 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2006912; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006912; rev:7;)

Added 2009-07-29 15:22:55 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2006912; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006912; rev:7;)

Added 2009-07-29 15:22:55 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2006912; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006912; rev:6;)

Added 2009-02-13 19:15:24 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2006912; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006912; rev:6;)

Added 2009-02-13 19:15:24 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; sid:2006912; rev:5;)

Added 2008-08-27 11:15:21 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; sid:2006912; rev:5;)

Added 2008-08-27 11:15:21 UTC

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; sid:2006912; rev:4;)

Added 2008-03-09 19:05:29 UTC

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; sid:2006912; rev:4;)

Added 2008-03-09 19:05:29 UTC

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; flowbits:set,BE.trojan; classtype: trojan-activity; sid:2006912; rev:3;)

Added 2008-01-31 10:12:23 UTC

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; flowbits:set,BE.trojan; classtype: trojan-activity; sid:2006912; rev:3;)

Added 2008-01-31 10:12:23 UTC

alert tcp any any -> any any (msg: "BLEEDING-EDGE TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; flowbits:set,BE.trojan; classtype: trojan-activity; sid:2006912; rev:1;)

Added 2007-08-10 01:20:19 UTC

Topic revision: r1 - 2018-09-13 - TWikiGuest

Main

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.*|Total .*)\x02/i"; classtype: trojan-activity; sid:2006912; rev:4;)

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.*|Total .*)\x02/i"; classtype: trojan-activity; sid:2006912; rev:4;)

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; sid:2006912; rev:4;)

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 3)"; flowbits:isset,is_proto_irc; content:"|3A 02|"; content:"|02|"; within: 32; pcre:"/\x3A\x02(Alvo dos Pacotes|Conectando-se em|Média de envio|Tempo.|Total .)\x02/i"; classtype: trojan-activity; sid:2006912; rev:4;)