#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; classtype:trojan-activity; sid:2003176; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:56:31 UTC


#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; classtype:trojan-activity; sid:2003176; rev:5;)

Added 2011-10-12 19:12:59 UTC


#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; sid:2003176; rev:5;)

Added 2011-09-14 22:25:56 UTC


#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)

Added 2011-03-25 14:48:54 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)

Added 2011-02-04 17:22:17 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)

Added 2009-02-13 19:47:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)

Added 2009-02-13 19:47:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)

Added 2009-02-13 19:46:39 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)

Added 2009-02-13 19:46:39 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)

Added 2009-02-13 19:45:24 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; reference:url,doc.emergingthreats.net/2003176; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2003176; rev:5;)

Added 2009-02-13 19:45:24 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; sid:2003176; rev:4;)

Added 2008-01-31 10:12:24 UTC

Have seen fast and furious bittorrent falses on this one.

-- MikeWazowski - 13 May 2008


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; sid:2003176; rev:4;)

Added 2008-01-31 10:12:24 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE TROJAN Warezov/Stration Challenge Response"; flowbits:isset,BEposs.warezov.challenge; flow:established,from_server; dsize:4; content:"|00 00 00 00|"; classtype:trojan-activity; reference:url,www.sophos.com/security/analyses/w32strationbo.html; sid:2003176; rev:3;)



Topic revision: r2 - 2008-05-13 - MikeWazowski
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats