# sid:2022131 "ET TROJAN Rincux CnC? (set)" -- DISABLED in this revision (leading '#').
# Flowbit setter only: flowbits:set,ET.Rincux plus flowbits:noalert, so even when enabled
# it raises no alert by itself. While it is commented out the ET.Rincux bit is never set,
# so any rule gated on that bit (presumably an isset companion; not shown here) cannot fire.
# Match: payload begins |01 00 00 00| (depth:4), followed in order by 8 NULs,
# 13 NULs + "Windows", " MB" + 5 NULs (fast_pattern) and " MHz" + 5 NULs; each distance:0
# only requires the pattern after the previous match, with no upper bound (no within).
# NOTE(review): no flow: keyword, so neither session state nor flow direction is constrained;
# the strings look like OS/RAM/CPU fields -- confirm against the referenced write-up.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Rincux CnC? (set)"; content:"|01 00 00 00|"; depth:4; content:"|00 00 00 00 00 00 00 00|"; distance:0; content:"|00 00 00 00 00 00 00 00 00 00 00 00 00|Windows"; distance:0; content:"|20 4d 42 00 00 00 00 00|"; fast_pattern; distance:0; content:"|20 4d 48 7a 00 00 00 00 00|"; distance:0; flowbits:set,ET.Rincux; flowbits:noalert; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2014-082614-0727-99&tabid=2; classtype:trojan-activity; sid:2022131; rev:1; metadata:created_at 2015_11_23, former_category MALWARE, updated_at 2015_11_23;)

Added 2020-12-15 18:45:11 UTC


# sid:2022131 rev:1, enabled in this revision; a single metadata keyword carries
# created_at, former_category MALWARE and updated_at.
# Flowbit setter: sets ET.Rincux and, because of flowbits:noalert, produces no alert of
# its own; detection depends on another rule testing that bit (not shown on this page).
# Match: first 4 payload bytes |01 00 00 00|, then in order 8 NULs, 13 NULs + "Windows",
# " MB" + 5 NULs (fast_pattern) and " MHz" + 5 NULs, each anywhere after the previous match.
# NOTE(review): no flow: keyword, so the match is not tied to an established session.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Rincux CnC? (set)"; content:"|01 00 00 00|"; depth:4; content:"|00 00 00 00 00 00 00 00|"; distance:0; content:"|00 00 00 00 00 00 00 00 00 00 00 00 00|Windows"; distance:0; content:"|20 4d 42 00 00 00 00 00|"; fast_pattern; distance:0; content:"|20 4d 48 7a 00 00 00 00 00|"; distance:0; flowbits:set,ET.Rincux; flowbits:noalert; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2014-082614-0727-99&tabid=2; classtype:trojan-activity; sid:2022131; rev:1; metadata:created_at 2015_11_23, former_category MALWARE, updated_at 2015_11_23;)

Added 2020-08-05 19:11:52 UTC


# sid:2022131 rev:1, enabled; this revision carries two metadata keywords
# (former_category MALWARE on its own, then created_at/updated_at).
# Flowbit setter: flowbits:set,ET.Rincux with flowbits:noalert, so the rule only marks
# the flow and never alerts by itself.
# Match: |01 00 00 00| in the first 4 bytes, then in order 8 NULs, 13 NULs + "Windows",
# " MB" + 5 NULs (fast_pattern) and " MHz" + 5 NULs; distance:0 sets no upper bound.
# NOTE(review): no flow: keyword -- session state and flow direction are unconstrained.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Rincux CnC? (set)"; content:"|01 00 00 00|"; depth:4; content:"|00 00 00 00 00 00 00 00|"; distance:0; content:"|00 00 00 00 00 00 00 00 00 00 00 00 00|Windows"; distance:0; content:"|20 4d 42 00 00 00 00 00|"; fast_pattern; distance:0; content:"|20 4d 48 7a 00 00 00 00 00|"; distance:0; flowbits:set,ET.Rincux; flowbits:noalert; metadata: former_category MALWARE; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2014-082614-0727-99&tabid=2; classtype:trojan-activity; sid:2022131; rev:1; metadata:created_at 2015_11_23, updated_at 2015_11_23;)

Added 2019-09-19 19:26:32 UTC


# sid:2022131 rev:1, enabled; metadata holds only created_at and updated_at.
# Flowbit setter: sets ET.Rincux and suppresses its own alert (flowbits:noalert), so an
# analyst will never see this sid in alert output; it only prepares state for another rule.
# Match: |01 00 00 00| at payload start (depth:4), then in order 8 NULs,
# 13 NULs + "Windows", " MB" + 5 NULs (fast_pattern) and " MHz" + 5 NULs.
# NOTE(review): no flow: keyword, so the match is not limited to established sessions.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Rincux CnC? (set)"; content:"|01 00 00 00|"; depth:4; content:"|00 00 00 00 00 00 00 00|"; distance:0; content:"|00 00 00 00 00 00 00 00 00 00 00 00 00|Windows"; distance:0; content:"|20 4d 42 00 00 00 00 00|"; fast_pattern; distance:0; content:"|20 4d 48 7a 00 00 00 00 00|"; distance:0; flowbits:set,ET.Rincux; flowbits:noalert; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2014-082614-0727-99&tabid=2; classtype:trojan-activity; sid:2022131; rev:1; metadata:created_at 2015_11_23, updated_at 2015_11_23;)

Added 2018-09-13 19:51:58 UTC


Added 2018-09-13 18:00:32 UTC


# sid:2022131 rev:1, enabled; metadata holds created_at and updated_at.
# Flowbit setter: flowbits:set,ET.Rincux with flowbits:noalert -- marks the flow, emits
# no alert. Whatever rule consumes the ET.Rincux bit is not shown on this page.
# Match: 4-byte prefix |01 00 00 00|, then in order 8 NULs, 13 NULs + "Windows",
# " MB" + 5 NULs (fast_pattern) and " MHz" + 5 NULs; each may sit any distance further on.
# NOTE(review): no flow: keyword -- confirm that matching outside an established
# session is intended.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Rincux CnC? (set)"; content:"|01 00 00 00|"; depth:4; content:"|00 00 00 00 00 00 00 00|"; distance:0; content:"|00 00 00 00 00 00 00 00 00 00 00 00 00|Windows"; distance:0; content:"|20 4d 42 00 00 00 00 00|"; fast_pattern; distance:0; content:"|20 4d 48 7a 00 00 00 00 00|"; distance:0; flowbits:set,ET.Rincux; flowbits:noalert; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2014-082614-0727-99&tabid=2; classtype:trojan-activity; sid:2022131; rev:1; metadata:created_at 2015_11_23, updated_at 2015_11_23;)

Added 2017-08-07 21:16:57 UTC


# sid:2022131 rev:1, enabled; this revision has no metadata keyword.
# Flowbit setter: sets ET.Rincux and, through flowbits:noalert, stays silent itself;
# it exists to arm another rule that tests the bit (that rule is not shown here).
# Match: payload starts |01 00 00 00| (depth:4), then in order 8 NULs,
# 13 NULs + "Windows", " MB" + 5 NULs (fast_pattern) and " MHz" + 5 NULs.
# NOTE(review): the "?" in msg marks the attribution as tentative, and there is no
# flow: keyword restricting session state or direction.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Rincux CnC? (set)"; content:"|01 00 00 00|"; depth:4; content:"|00 00 00 00 00 00 00 00|"; distance:0; content:"|00 00 00 00 00 00 00 00 00 00 00 00 00|Windows"; distance:0; content:"|20 4d 42 00 00 00 00 00|"; fast_pattern; distance:0; content:"|20 4d 48 7a 00 00 00 00 00|"; distance:0; flowbits:set,ET.Rincux; flowbits:noalert; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2014-082614-0727-99&tabid=2; classtype:trojan-activity; sid:2022131; rev:1;)

Added 2015-11-23 16:18:19 UTC

