2008177 (revision 1)

alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Ceckno Reporting to Controller"; flow:established,to_server; dsize:<30; content:"\:2|7c|"; depth:10; content:"|7c|"; distance:0; content:"|7c|"; distance:0; pcre:"/^\d+\x3a\d\x7c\d+\x7c[0-9a-z]+\x7c\d+/i"; flowbits:set,ET.cekno.initial; classtype:trojan-activity; sid:2008177; rev:2;)

Added 2008-04-29 10:03:37 UTC



alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Ceckno Reporting to Controller"; flow:established,to_server; dsize:<30; content:"\:2|7c|"; depth:10; content:"|7c|"; distance:0; pcre:"/^\d+\:2\x7c\d+\x7c(\w\s)+\x7x\d+$/"; flowbits:set,ET.cekno.initial; classtype:trojan-activity; sid:2008177; rev:1;)

Added 2008-04-29 09:38:04 UTC


Topic revision: r1 - 2008-04-29 - MattJonkman
 
Copyright © Emerging Threats