# sid 2027506, rev 3 (metadata updated_at 2020_11_11). The msg labels this a possible ("CnC?")
# Win32/Plurox backdoor check-in; detection rests purely on payload bytes.
# Scope: established TCP, client-to-server, $HOME_NET -> $EXTERNAL_NET, any port on both sides.
# Match chain:
#   1. |aa 95 82 71| with depth:4 -> must be the first four payload bytes.
#   2. |01 00 00 00 00 00 00 00| with distance:4; within:8 -> skips four bytes after (1),
#      i.e. payload offsets 8-15.
#   3. |95 82 71 aa 95 82 71| followed by isdataat:!1,relative -> no byte may follow this match,
#      so it has to close the inspected data. It carries fast_pattern, making it the string
#      used for prefiltering.
# Unlike the rev 2 text, content (3) has no distance:0 and so is not positioned relative to (2);
# only the end-of-data check constrains where it may occur.
# NOTE(review): there is no port or app-layer constraint, so an alert means only that these byte
# patterns were seen; confirm against the referenced md5 and write-up before calling a host infected.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Plurox Backdoor CnC? Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; isdataat:!1,relative; fast_pattern; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:trojan-activity; sid:2027506; rev:3; metadata:created_at 2019_06_21, former_category MALWARE, updated_at 2020_11_11;)

Added 2021-09-21 20:00:44 UTC


# sid 2027506, rev 3 (metadata updated_at 2020_11_10).
# Established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on any port.
#   1. |aa 95 82 71| as the first four payload bytes (depth:4).
#   2. |01 00 00 00 00 00 00 00| at payload offsets 8-15 (distance:4; within:8 relative to (1)).
#   3. |95 82 71 aa 95 82 71| with isdataat:!1,relative, so nothing may follow it; this content
#      is not relative to (2) and is the fast_pattern string.
# NOTE(review): the only difference from the rev 3 text with updated_at 2020_11_11 is that
# metadata date; sid and rev are the same in both, so sid:rev alone does not tell the two
# snapshots apart when comparing deployed rule sets.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Plurox Backdoor CnC? Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; isdataat:!1,relative; fast_pattern; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:trojan-activity; sid:2027506; rev:3; metadata:created_at 2019_06_21, former_category MALWARE, updated_at 2020_11_10;)

Added 2020-11-11 19:18:08 UTC


# sid 2027506, rev 2 (metadata updated_at 2019_09_28): earlier text of the same signature.
# Established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on any port.
#   1. |aa 95 82 71| as the first four payload bytes (depth:4).
#   2. |01 00 00 00 00 00 00 00| at payload offsets 8-15 (distance:4; within:8 relative to (1)).
#   3. |95 82 71 aa 95 82 71| with distance:0, so it is searched for after (2), plus
#      isdataat:!1,relative requiring that nothing follows it; it is also the fast_pattern string.
# The rev 3 text drops distance:0 from (3); the byte patterns and the other modifiers are unchanged.
# Metadata is a single keyword here: created_at, former_category MALWARE, updated_at.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Plurox Backdoor CnC? Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; distance:0; isdataat:!1,relative; fast_pattern; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:trojan-activity; sid:2027506; rev:2; metadata:created_at 2019_06_21, former_category MALWARE, updated_at 2019_09_28;)

Added 2020-08-05 19:16:24 UTC


# sid 2027506, rev 2 (metadata updated_at 2019_09_28).
# Established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on any port.
#   1. |aa 95 82 71| as the first four payload bytes (depth:4).
#   2. |01 00 00 00 00 00 00 00| at payload offsets 8-15 (distance:4; within:8 relative to (1)).
#   3. |95 82 71 aa 95 82 71| with distance:0 (searched for after (2)) and isdataat:!1,relative
#      (nothing may follow it); this is the fast_pattern string.
# Metadata is split across two keywords in this snapshot: a standalone
# "metadata: former_category MALWARE;" before the references, and created_at/updated_at at the end.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Plurox Backdoor CnC? Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; distance:0; isdataat:!1,relative; fast_pattern; metadata: former_category MALWARE; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:trojan-activity; sid:2027506; rev:2; metadata:created_at 2019_06_21, updated_at 2019_09_28;)

Added 2019-10-01 08:29:46 UTC


# sid 2027506, rev 2 (metadata updated_at 2019_09_28); the rule text is the same as the other
# snapshot on this page that carries this updated_at value and a split metadata keyword.
# Established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on any port.
#   1. |aa 95 82 71| as the first four payload bytes (depth:4).
#   2. |01 00 00 00 00 00 00 00| at payload offsets 8-15 (distance:4; within:8 relative to (1)).
#   3. |95 82 71 aa 95 82 71| with distance:0 (searched for after (2)) and isdataat:!1,relative
#      (nothing may follow it); this is the fast_pattern string.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Plurox Backdoor CnC? Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; distance:0; isdataat:!1,relative; fast_pattern; metadata: former_category MALWARE; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:trojan-activity; sid:2027506; rev:2; metadata:created_at 2019_06_21, updated_at 2019_09_28;)

Added 2019-10-01 04:24:10 UTC


# sid 2027506, rev 2 (metadata updated_at 2019_06_21, equal to created_at).
# Established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on any port.
#   1. |aa 95 82 71| as the first four payload bytes (depth:4).
#   2. |01 00 00 00 00 00 00 00| at payload offsets 8-15 (distance:4; within:8 relative to (1)).
#   3. |95 82 71 aa 95 82 71| with distance:0 (searched for after (2)) and isdataat:!1,relative
#      (nothing may follow it); this is the fast_pattern string.
# former_category reads MALWARE in this snapshot while the msg prefix stays "ET TROJAN";
# the detection options are the same as in the other rev 2 snapshots.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Plurox Backdoor CnC? Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; distance:0; isdataat:!1,relative; fast_pattern; metadata: former_category MALWARE; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:trojan-activity; sid:2027506; rev:2; metadata:created_at 2019_06_21, updated_at 2019_06_21;)

Added 2019-09-19 19:27:12 UTC


# sid 2027506, rev 2 (metadata created_at and updated_at both 2019_06_21).
# Established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on any port.
#   1. |aa 95 82 71| as the first four payload bytes (depth:4).
#   2. |01 00 00 00 00 00 00 00| at payload offsets 8-15 (distance:4; within:8 relative to (1)).
#   3. |95 82 71 aa 95 82 71| with distance:0 (searched for after (2)) and isdataat:!1,relative
#      (nothing may follow it); this is the fast_pattern string.
# former_category is TROJAN here; the other snapshots on this page carry MALWARE with the same
# detection options, so that difference is metadata only.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Plurox Backdoor CnC? Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; distance:0; isdataat:!1,relative; fast_pattern; metadata: former_category TROJAN; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:trojan-activity; sid:2027506; rev:2; metadata:created_at 2019_06_21, updated_at 2019_06_21;)

Added 2019-06-21 20:26:57 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 