EmergingThreats> Main Web>2019129 (2020-11-03, TWikiGuest) EditAttach

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32/Dervec.gen Connectivity Check to Google"; flow:established,to_server; content:"HOST|3a 20|www.google.com|0d 0a|"; depth:22; http_header; fast_pattern; content:"|00 00 00 00 00 00 00 00 00 00|"; offset:35; depth:10; reference:md5,5eaae2d6a4b5d338b83ea5d97af93672; classtype:trojan-activity; sid:2019129; rev:11; metadata:created_at 2012_06_12, updated_at 2020_11_03;)

Added 2020-11-03 18:44:37 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32/Dervec.gen Connectivity Check to Google"; flow:established,to_server; content:"HOST|3a 20|www.google.com|0d 0a|"; depth:22; http_header; fast_pattern; content:"|00 00 00 00 00 00 00 00 00 00|"; offset:35; depth:10; reference:md5,5eaae2d6a4b5d338b83ea5d97af93672; classtype:trojan-activity; sid:2019129; rev:11; metadata:created_at 2012_06_12, updated_at 2020_03_03;)

Added 2020-03-03 18:12:52 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32/Dervec.gen Connectivity Check to Google"; flow:established,to_server; content:"HOST|3a|"; depth:5; http_header; content:"www.google.com|0d 0a|"; within:17; http_header; content:"|00 00 00 00 00 00 00 00 00 00|"; offset:35; depth:10; reference:md5,5eaae2d6a4b5d338b83ea5d97af93672; classtype:trojan-activity; sid:2019129; rev:10; metadata:created_at 2012_06_12, updated_at 2012_06_12;)

Added 2018-09-13 19:49:16 UTC

Added 2018-09-13 17:58:58 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32/Dervec.gen Connectivity Check to Google"; flow:established,to_server; content:"HOST|3a|"; depth:5; http_header; content:"www.google.com|0d 0a|"; within:17; http_header; content:"|00 00 00 00 00 00 00 00 00 00|"; offset:35; depth:10; reference:md5,5eaae2d6a4b5d338b83ea5d97af93672; classtype:trojan-activity; sid:2019129; rev:10; metadata:created_at 2012_06_12, updated_at 2012_06_12;)

Added 2017-08-07 21:13:19 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32/Dervec.gen Connectivity Check to Google"; flow:established,to_server; content:"HOST|3a|"; depth:5; http_header; content:"www.google.com|0d 0a|"; within:17; http_header; content:"|00 00 00 00 00 00 00 00 00 00|"; offset:35; depth:10; reference:md5,5eaae2d6a4b5d338b83ea5d97af93672; classtype:trojan-activity; sid:2019129; rev:10;)

Added 2014-09-05 20:08:50 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2020-11-03 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats