alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; metadata: former_category TROJAN; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; classtype:trojan-activity; sid:2008017; rev:4; metadata:created_at 2010_07_30, updated_at 2017_05_11;)

Added 2018-09-13 19:39:35 UTC

Added 2018-09-13 17:53:42 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; metadata: former_category TROJAN; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; classtype:trojan-activity; sid:2008017; rev:4; metadata:created_at 2010_07_30, updated_at 2017_05_11;)

Added 2017-08-07 21:01:13 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; classtype:trojan-activity; sid:2008017; rev:4;)

Added 2017-05-12 14:59:42 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; classtype:trojan-activity; sid:2008017; rev:3;)

Added 2011-10-12 19:24:16 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; sid:2008017; rev:3;)

Added 2011-09-14 22:37:45 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Philis; sid:2008017; rev:3;)

Added 2011-02-04 17:27:07 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Philis; sid:2008017; rev:3;)

Added 2009-02-13 19:30:24 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Philis; sid:2008017; rev:3;)

Added 2009-02-13 19:30:24 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; sid:2008017; rev:2;)

Added 2008-03-18 22:28:50 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; sid:2008017; rev:2;)

Added 2008-03-18 22:28:50 UTC

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello, World)"; icode:0; itype:0; dsize:11; content:"Hello, World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; sid:2008017; rev:1;)

Added 2008-03-18 22:19:54 UTC

This is any to any because most pinging will be local net to local net. But it'll be interesting if you see these coming in from the outside. As it's setup that's unlikely to happen, and will indicate a shift in tactics.

-- MattJonkman - 19 Mar 2008