# sid:2018886 rev:4 - flags cleartext Windows tasklist output leaving $HOME_NET on an
# established TCP session (to_server direction, any port).
# "System Idle Process" is the fast_pattern (prefilter) content.
# The hex contents decode to the tasklist column headers:
#   |49 6d 61 67 65 20 4e 61 6d 65|                   = "Image Name"
#   |50 49 44 20 53 65 73 73 69 6f 6e 20 4e 61 6d 65| = "PID Session Name"
#   |53 65 73 73 69 6f 6e 23|                         = "Session#"
#   |4d 65 6d 20 55 73 61 67 65|                      = "Mem Usage"
# distance:0 only orders the last three headers after "Image Name". "System Idle
# Process", "Image Name", "svchost.exe" and "winlogon.exe" carry no relative modifier,
# so they may match anywhere in the inspected data and in any order.
# Unlike rev:3 on this page, "Mem Usage" is not followed by |0d 0a| (CRLF) here.
# Coverage note: every condition is a payload string match, so the rule cannot fire when
# the same output is sent encrypted or encoded. When triaging an alert, identify the host
# process that owns the flow before concluding it is malicious (the msg itself is
# worded "TaskList?").
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Windows TaskList? Microsoft Windows DOS prompt command exit OUTBOUND"; flow:established,to_server; content:"System Idle Process"; fast_pattern; content:"|49 6d 61 67 65 20 4e 61 6d 65|"; content:"|50 49 44 20 53 65 73 73 69 6f 6e 20 4e 61 6d 65|"; distance:0; content:"|53 65 73 73 69 6f 6e 23|"; distance:0; content:"|4d 65 6d 20 55 73 61 67 65|"; distance:0; content:"svchost.exe"; content:"winlogon.exe"; classtype:trojan-activity; sid:2018886; rev:4; metadata:created_at 2014_08_04, updated_at 2020_11_09;)

Added 2020-11-10 19:09:46 UTC


# sid:2018886 rev:3 - flags cleartext Windows tasklist output leaving $HOME_NET on an
# established TCP session (to_server direction, any port).
# Hex contents decode to "Image Name", "PID Session Name", "Session#" and
# "Mem Usage" followed by CRLF (|0d 0a|). The last three are chained with distance:0,
# so they must appear in that order after "Image Name".
# Compared with the rev:1 entries on this page, the single long header content (exact
# spacing plus the row of '=' separators) is split into separate header strings, and
# fast_pattern:only on "System Idle Process" becomes plain fast_pattern.
# "svchost.exe" and "winlogon.exe" have no relative modifier and may match anywhere in
# the inspected data.
# Coverage note: payload string matches only, so encrypted or encoded output does not match.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Windows TaskList? Microsoft Windows DOS prompt command exit OUTBOUND"; flow:established,to_server; content:"System Idle Process"; fast_pattern; content:"|49 6d 61 67 65 20 4e 61 6d 65|"; content:"|50 49 44 20 53 65 73 73 69 6f 6e 20 4e 61 6d 65|"; distance:0; content:"|53 65 73 73 69 6f 6e 23|"; distance:0; content:"|4d 65 6d 20 55 73 61 67 65 0d 0a|"; distance:0; content:"svchost.exe"; content:"winlogon.exe"; classtype:trojan-activity; sid:2018886; rev:3; metadata:created_at 2014_08_04, updated_at 2020_10_23;)

Added 2020-10-23 18:45:09 UTC


# sid:2018886 rev:1 (metadata updated_at 2019_10_07) - flags cleartext Windows tasklist
# output leaving $HOME_NET on an established TCP session (to_server direction, any port).
# The long hex content is one contiguous byte string: the header line "Image Name",
# "PID Session Name", "Session#", "Mem Usage" with its fixed runs of spaces (0x20), a
# CRLF, the row of '=' (0x3d) column separators, and a second CRLF.
# Because header and separator row are matched byte for byte, output whose column
# spacing differs would not match this revision.
# "System Idle Process" is marked fast_pattern:only; "svchost.exe" and "winlogon.exe"
# have no relative modifier and may match anywhere in the inspected data.
# NOTE(review): rev stays at 1 although updated_at is 2019_10_07; the match options
# appear identical to the other rev:1 entries on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Windows TaskList? Microsoft Windows DOS prompt command exit OUTBOUND"; flow:established,to_server; content:"System Idle Process"; fast_pattern:only; content:"|49 6d 61 67 65 20 4e 61 6d 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 50 49 44 20 53 65 73 73 69 6f 6e 20 4e 61 6d 65 20 20 20 20 20 53 65 73 73 69 6f 6e 23 20 20 20 20 4d 65 6d 20 55 73 61 67 65 0d 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0d 0a|"; content:"svchost.exe"; content:"winlogon.exe"; classtype:trojan-activity; sid:2018886; rev:1; metadata:created_at 2014_08_04, updated_at 2019_10_07;)

Added 2019-10-07 19:58:48 UTC


# sid:2018886 rev:1 (metadata created_at and updated_at both 2014_08_04).
# Matches cleartext tasklist output sent to_server from $HOME_NET on any TCP port.
# The long hex content is the complete header line ("Image Name", "PID Session Name",
# "Session#", "Mem Usage" with fixed runs of spaces), CRLF, the row of '=' separators,
# CRLF, matched as one contiguous byte string.
# "System Idle Process" is fast_pattern:only; "svchost.exe" and "winlogon.exe" are
# unanchored and may match anywhere in the inspected data.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Windows TaskList? Microsoft Windows DOS prompt command exit OUTBOUND"; flow:established,to_server; content:"System Idle Process"; fast_pattern:only; content:"|49 6d 61 67 65 20 4e 61 6d 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 50 49 44 20 53 65 73 73 69 6f 6e 20 4e 61 6d 65 20 20 20 20 20 53 65 73 73 69 6f 6e 23 20 20 20 20 4d 65 6d 20 55 73 61 67 65 0d 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0d 0a|"; content:"svchost.exe"; content:"winlogon.exe"; classtype:trojan-activity; sid:2018886; rev:1; metadata:created_at 2014_08_04, updated_at 2014_08_04;)

Added 2018-09-13 19:49:06 UTC


Added 2018-09-13 17:58:52 UTC


# sid:2018886 rev:1 with created_at/updated_at metadata of 2014_08_04.
# Detection logic: outbound (to_server) established TCP payload containing
# "System Idle Process" (fast_pattern:only), the exact tasklist header line and '='
# separator row encoded as one hex content (each line ending in |0d 0a|), plus the
# strings "svchost.exe" and "winlogon.exe" anywhere in the inspected data.
# The header match is byte-exact, so differently spaced output would not match.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Windows TaskList? Microsoft Windows DOS prompt command exit OUTBOUND"; flow:established,to_server; content:"System Idle Process"; fast_pattern:only; content:"|49 6d 61 67 65 20 4e 61 6d 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 50 49 44 20 53 65 73 73 69 6f 6e 20 4e 61 6d 65 20 20 20 20 20 53 65 73 73 69 6f 6e 23 20 20 20 20 4d 65 6d 20 55 73 61 67 65 0d 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0d 0a|"; content:"svchost.exe"; content:"winlogon.exe"; classtype:trojan-activity; sid:2018886; rev:1; metadata:created_at 2014_08_04, updated_at 2014_08_04;)

Added 2017-08-07 21:13:02 UTC


# sid:2018886 rev:1 as listed without a metadata keyword.
# Alerts on established, to_server TCP traffic from $HOME_NET to $EXTERNAL_NET (any
# port) whose payload contains "System Idle Process" (fast_pattern:only), the tasklist
# header line and '=' separator row as one byte-exact hex content, and the process
# names "svchost.exe" and "winlogon.exe".
# All conditions are cleartext payload matches; encrypted or encoded output is not covered.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Windows TaskList? Microsoft Windows DOS prompt command exit OUTBOUND"; flow:established,to_server; content:"System Idle Process"; fast_pattern:only; content:"|49 6d 61 67 65 20 4e 61 6d 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 50 49 44 20 53 65 73 73 69 6f 6e 20 4e 61 6d 65 20 20 20 20 20 53 65 73 73 69 6f 6e 23 20 20 20 20 4d 65 6d 20 55 73 61 67 65 0d 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0d 0a|"; content:"svchost.exe"; content:"winlogon.exe"; classtype:trojan-activity; sid:2018886; rev:1;)

Added 2014-08-04 19:42:21 UTC


Topic revision: r1 - 2020-11-11 - TWikiGuest
 