EmergingThreats> Main Web>2021917 (2019-10-22, TWikiGuest) EditAttach

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/muBoT User-Agent (I'm a mu mu mu ?)"; flow:established,to_server; content:"I|27|m a mu mu mu|20 3f|"; fast_pattern; http_user_agent; depth:16; reference:url,pastebin.com/EH1SH9aL; classtype:trojan-activity; sid:2021917; rev:3; metadata:created_at 2015_10_06, updated_at 2019_10_22;)

Added 2019-10-22 19:03:21 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/muBoT User-Agent (I'm a mu mu mu ?)"; flow:established,to_server; content:"User-Agent|3a 20|I|27|m a mu mu mu|20 3f|"; fast_pattern:8,20; http_header; reference:url,pastebin.com/EH1SH9aL; classtype:trojan-activity; sid:2021917; rev:2; metadata:created_at 2015_10_06, updated_at 2015_10_06;)

Added 2018-09-13 19:51:47 UTC

Added 2018-09-13 18:00:26 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/muBoT User-Agent (I'm a mu mu mu ?)"; flow:established,to_server; content:"User-Agent|3a 20|I|27|m a mu mu mu|20 3f|"; fast_pattern:8,20; http_header; reference:url,pastebin.com/EH1SH9aL; classtype:trojan-activity; sid:2021917; rev:2; metadata:created_at 2015_10_06, updated_at 2015_10_06;)

Added 2017-08-07 21:16:41 UTC

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/muBoT User-Agent (I'm a mu mu mu ?)"; flow:established,to_server; content:"User-Agent|3a 20|I|27|m a mu mu mu|20 3f|"; fast_pattern:8,20; http_header; reference:url,pastebin.com/EH1SH9aL; classtype:trojan-activity; sid:2021917; rev:2;)

Added 2015-10-06 17:22:51 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2019-10-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats