# sid:2019312 rev:3 -- flowbit setter; it does not raise an alert by itself.
# Match: established, client-to-server TCP from $HOME_NET to an $EXTERNAL_NET
# port of 20000 or higher, with a payload of exactly 18 bytes (dsize:18) whose
# first two bytes are 0a 10 (content with depth:2).
# flowbits:noalert suppresses the alert and flowbits:set records
# ET.TROJAN.Sourtoff on the flow, so a detection only appears if a companion
# rule that tests this flowbit (not shown on this page) is also enabled.
# Compared with rev:2, the source port changes from "any" to
# ![23,25,80,137,139,445], which excludes flows whose local port is one of those.
# NOTE(review): presumably this avoids matching replies from local services on
# those ports to high-numbered external client ports -- confirm.
# NOTE(review): a two-byte prefix plus a size check is a loose match; the
# specificity is expected to come from the companion rule -- verify before
# removing noalert or reusing this pattern standalone.
alert tcp $HOME_NET ![23,25,80,137,139,445] -> $EXTERNAL_NET 20000: (msg:"ET TROJAN Sourtoff Download Simda Request"; flow:established,to_server; dsize:18; content:"|0a 10|"; depth:2; flowbits:set,ET.TROJAN.Sourtoff; flowbits:noalert; reference:md5,5469af0daa10f8acbe552cd2f1f6a6bb; classtype:trojan-activity; sid:2019312; rev:3; metadata:created_at 2014_09_29, updated_at 2019_01_10;)

Added 2019-01-10 18:41:40 UTC


# sid:2019312 rev:2 (historical) -- flowbit setter; it does not raise an alert by itself.
# Match: established, client-to-server TCP from any $HOME_NET port to an
# $EXTERNAL_NET port of 20000 or higher, payload exactly 18 bytes (dsize:18)
# starting with bytes 0a 10 (content with depth:2).
# flowbits:noalert suppresses the alert; the rule only sets ET.TROJAN.Sourtoff
# for a companion rule that tests the flowbit (not shown on this page).
# Source port is "any" in this revision, so no local ports are excluded.
alert tcp $HOME_NET any -> $EXTERNAL_NET 20000: (msg:"ET TROJAN Sourtoff Download Simda Request"; flow:established,to_server; dsize:18; content:"|0a 10|"; depth:2; flowbits:set,ET.TROJAN.Sourtoff; flowbits:noalert; reference:md5,5469af0daa10f8acbe552cd2f1f6a6bb; classtype:trojan-activity; sid:2019312; rev:2; metadata:created_at 2014_09_29, updated_at 2014_09_29;)

Added 2018-09-13 19:49:26 UTC


Added 2018-09-13 17:59:04 UTC


# sid:2019312 rev:2 (historical) -- flowbit setter with flowbits:noalert, so
# this signature marks the flow with ET.TROJAN.Sourtoff and stays silent.
# Conditions: flow established and to_server, $HOME_NET (any port) to
# $EXTERNAL_NET port 20000 or higher, dsize:18, and bytes 0a 10 within the
# first two payload bytes (depth:2).
# A rule that checks the flowbit is required for any alert; none appears on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET 20000: (msg:"ET TROJAN Sourtoff Download Simda Request"; flow:established,to_server; dsize:18; content:"|0a 10|"; depth:2; flowbits:set,ET.TROJAN.Sourtoff; flowbits:noalert; reference:md5,5469af0daa10f8acbe552cd2f1f6a6bb; classtype:trojan-activity; sid:2019312; rev:2; metadata:created_at 2014_09_29, updated_at 2014_09_29;)

Added 2017-08-07 21:13:32 UTC


# sid:2019312 rev:2 as first recorded here (no metadata keyword in this copy).
# Flowbit setter: flowbits:set,ET.TROJAN.Sourtoff together with flowbits:noalert
# means the rule tags the flow and produces no alert of its own.
# Conditions: established to_server TCP, $HOME_NET any port to $EXTERNAL_NET
# port 20000 or higher, payload size exactly 18 bytes, first two bytes 0a 10.
# Detection depends on a separate rule testing the flowbit (not shown on this page).
alert tcp $HOME_NET any -> $EXTERNAL_NET 20000: (msg:"ET TROJAN Sourtoff Download Simda Request"; flow:established,to_server; dsize:18; content:"|0a 10|"; depth:2; flowbits:set,ET.TROJAN.Sourtoff; flowbits:noalert; reference:md5,5469af0daa10f8acbe552cd2f1f6a6bb; classtype:trojan-activity; sid:2019312; rev:2;)

Added 2014-12-05 18:20:56 UTC

