#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; content:"/cgi-bin/pr2.cgi"; http_uri; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:59:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; content:"/cgi-bin/pr2.cgi"; http_uri; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:5;)

Added 2011-10-12 19:20:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; content:"/cgi-bin/pr2.cgi"; http_uri; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006414; sid:2006414; rev:5;)

Added 2011-09-14 22:34:13 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; content:"/cgi-bin/pr2.cgi"; http_uri; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006414; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2006414; rev:5;)

Added 2011-02-04 17:25:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2006414; rev:4;)

Added 2009-02-13 19:47:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2006414; rev:4;)

Added 2009-02-13 19:47:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2006414; rev:4;)

Added 2009-02-13 19:46:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2006414; rev:4;)

Added 2009-02-13 19:46:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2006414; rev:4;)

Added 2009-02-13 19:45:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Warezov; sid:2006414; rev:4;)

Added 2009-02-13 19:45:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:3;)

Added 2008-01-31 10:12:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:3;)

Added 2008-01-31 10:12:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:2;)

Added 2008-01-09 17:42:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:2;)

Added 2008-01-09 17:42:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:2;)

Added 2008-01-09 15:15:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:2;)

Added 2008-01-09 15:15:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:2;)

Added 2008-01-08 20:25:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.emergingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:2;)

Added 2008-01-08 20:25:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.bleedingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:1;)

Added 2007-07-20 01:46:18 UTC

From the Sandnet Analysis

-- ShirkDog? - 23 Aug 2007


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi)"; flow:established,to_server; uricontent:"/cgi-bin/pr2.cgi"; pcre:"/\/cgi-bin\/pr2\.cgi\?[a-zA-Z0-9]{172}/Ui"; reference:url,doc.bleedingthreats.net/2006414; classtype:trojan-activity; sid:2006414; rev:1;)

Added 2007-07-20 01:44:36 UTC


Topic revision: r2 - 2007-08-23 - ShirkDog?
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats