2008059 (revision 2)

##alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET DELETED Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; reference:url,doc.emergingthreats.net/2008059; classtype:trojan-activity; sid:2008059; rev:4;)

Added 2012-01-12 22:16:40 UTC

length = 1338


-- GoAce? - 2013-04-24


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; reference:url,doc.emergingthreats.net/2008059; classtype:trojan-activity; sid:2008059; rev:4;)

Added 2011-10-12 19:24:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; sid:2008059; rev:4;)

Added 2011-09-14 22:37:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2011-02-04 17:27:10 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:47:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:46:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:45:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; sid:2008059; rev:3;)

Added 2008-03-26 17:32:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; flowbits:set,ET.inj.ajq.1; classtype:trojan-activity; sid:2008059; rev:1;)

Added 2008-03-26 17:00:38 UTC


Topic revision: r2 - 2013-04-24 - GoAce?
 
Copyright © Emerging Threats