# sid 2018508, rev 4: outbound HTTP request from $HOME_NET shaped like the "gtalk"
# connectivity check that the msg attributes to Win32/Enosch.A (sample MD5 in the reference keyword).
# All of the following must hold:
#   - the URI contains "/index.html"
#   - the header buffer contains "User-Agent: gtalk\r\n" (chosen as fast_pattern)
#   - the Host buffer contains "www.google.com"
#   - http_header_names is exactly "\r\nUser-Agent\r\nHost\r\n\r\n": the content is 22 bytes,
#     depth:22 pins it to the start and isdataat:!1,relative requires nothing after it,
#     so the request carries only those two headers, in that order.
# NOTE(review): the http_host content has no anchor, so it is a substring match on the host name.
# Triage: the destination is www.google.com, so an alert points at the internal source host,
# not at the server it contacted.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Enosch.A gtalk connectivity check"; flow:to_server; content:"/index.html"; http_uri; content:"User-Agent|3a 20|gtalk|0d 0a|"; http_header; fast_pattern; content:"www.google.com"; http_host; http_header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a 0d 0a|"; depth:22; isdataat:!1,relative; reference:md5,b13db8b21289971b3c88866d202fad49; classtype:trojan-activity; sid:2018508; rev:4; metadata:created_at 2014_05_30, updated_at 2019_10_16;)

Added 2019-10-16 18:59:37 UTC


# sid 2018508, rev 3 (metadata: created_at and updated_at both 2014_05_30).
# Outbound HTTP request whose URI contains "/index.html" and whose header block is the "gtalk" pair:
#   - depth:19 is the length of "User-Agent: gtalk\r\n", so that line must open the header buffer
#   - the /H pcre is anchored with ^ and $: User-Agent: gtalk, then "Host: www.google.com",
#     then at most one extra CRLF, and nothing else
# A request with any additional header, or with these two in another order, does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Enosch.A gtalk connectivity check"; flow:to_server; content:"/index.html"; http_uri; content:"User-Agent|3A 20|gtalk|0d 0a|"; depth:19 ; http_header; pcre:"/^User-Agent\x3a\x20gtalk\r\nHost\x3a\x20www\.google\.com\r\n(?:\r\n)?$/H"; reference:md5,b13db8b21289971b3c88866d202fad49; classtype:trojan-activity; sid:2018508; rev:3; metadata:created_at 2014_05_30, updated_at 2014_05_30;)

Added 2018-09-13 19:48:48 UTC


Added 2018-09-13 17:58:41 UTC


# sid 2018508, rev 3 with the metadata keyword (created_at and updated_at 2014_05_30).
# Fires on an outbound request to a URI containing "/index.html" when the header buffer starts with
# "User-Agent: gtalk\r\n" (19 bytes, hence depth:19) and, per the ^...$ anchored /H pcre, holds only
# that line followed by "Host: www.google.com" and an optional trailing CRLF.
# The Host value is matched exactly here because the pcre pins the whole header buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Enosch.A gtalk connectivity check"; flow:to_server; content:"/index.html"; http_uri; content:"User-Agent|3A 20|gtalk|0d 0a|"; depth:19 ; http_header; pcre:"/^User-Agent\x3a\x20gtalk\r\nHost\x3a\x20www\.google\.com\r\n(?:\r\n)?$/H"; reference:md5,b13db8b21289971b3c88866d202fad49; classtype:trojan-activity; sid:2018508; rev:3; metadata:created_at 2014_05_30, updated_at 2014_05_30;)

Added 2017-08-07 21:12:35 UTC


# sid 2018508, rev 3 as published without a metadata keyword.
# Header is "alert http ... any -> ... any", so matching does not depend on the destination port.
# Detection logic: URI contains "/index.html"; header buffer begins with "User-Agent: gtalk\r\n"
# (depth:19); the anchored /H pcre then requires "Host: www.google.com" as the only other header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Enosch.A gtalk connectivity check"; flow:to_server; content:"/index.html"; http_uri; content:"User-Agent|3A 20|gtalk|0d 0a|"; depth:19 ; http_header; pcre:"/^User-Agent\x3a\x20gtalk\r\nHost\x3a\x20www\.google\.com\r\n(?:\r\n)?$/H"; reference:md5,b13db8b21289971b3c88866d202fad49; classtype:trojan-activity; sid:2018508; rev:3;)

Added 2014-06-09 18:36:55 UTC


# sid 2018508, rev 2: the msg names the family as Sality, and the rule header is
# "alert tcp ... -> $EXTERNAL_NET $HTTP_PORTS", so only destination ports in $HTTP_PORTS are covered.
# Options: URI contains "/index.html"; "User-Agent: gtalk\r\n" at the start of the header buffer
# (depth:19); anchored /H pcre requiring exactly User-Agent: gtalk then Host: www.google.com.
# The reference keyword carries the same sample MD5 as the other revisions listed for this sid.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality gtalk connectivity check"; flow:to_server; content:"/index.html"; http_uri; content:"User-Agent|3A 20|gtalk|0d 0a|"; depth:19 ; http_header; pcre:"/^User-Agent\x3a\x20gtalk\r\nHost\x3a\x20www\.google\.com\r\n(?:\r\n)?$/H"; reference:md5,b13db8b21289971b3c88866d202fad49; classtype:trojan-activity; sid:2018508; rev:2;)

Added 2014-05-30 18:34:07 UTC

