EmergingThreats > Main Web > 2007962 (revision 4)

alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic - Checkin"; flow:established,to_server; dsize:<20; content:"|3a|"; depth:5; offset:2; content:"|7c| "; within:8; depth:12; classtype:trojan-activity; sid:2007962; rev:4;)

Added 2008-06-24 23:26:43 UTC


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic - Checkin"; flow:established,to_server; dsize:<20; content:"|3a|"; depth:5; offset:2; content:"|7c| "; within:8; depth:12; classtype:trojan-activity; sid:2007962; rev:3;)

Added 2008-05-14 15:47:37 UTC


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic - Checkin"; flow:established,to_server; dsize:<20; content:"|3a|"; depth:3; offset:2; content:"|7c| "; within:8; depth:12; classtype:trojan-activity; sid:2007962; rev:2;)

Added 2008-05-14 14:36:14 UTC



alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic - Checkin"; flow:established,to_server; dsize:<20; content:"HX|3a|212|7c|win "; offset:0; classtype:trojan-activity; sid:2007962; rev:1;)

Added 2008-03-09 20:49:17 UTC

re 0f5a56e87c9c7a328dcd29e012e3f0f8 and fc7538d589ee77929e107f444c038aad

-- MattJonkman - 10 Mar 2008


Topic attachments
Attachment | Size | Date | Who | Comment
base_packet_7-24954.pcap | 0.1 K | 2008-06-30 - 20:58 | UnknownUser | False positive of 2007962
Topic revision: r4 - 2008-07-01 - MattJonkman
 