alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response 2"; flow:established,to_server; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; reference:url,doc.emergingthreats.net/2006911; classtype:trojan-activity; sid:2006911; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:00:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response 2"; flow:established,to_server; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; reference:url,doc.emergingthreats.net/2006911; classtype:trojan-activity; sid:2006911; rev:8;)

Added 2011-10-21 14:50:59 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; reference:url,doc.emergingthreats.net/2006911; classtype:trojan-activity; sid:2006911; rev:6;)

Added 2011-10-12 19:21:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006911; sid:2006911; rev:6;)

Added 2011-09-14 22:35:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006911; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006911; rev:6;)

Added 2011-02-04 17:25:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006911; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006911; rev:6;)

Added 2009-07-29 15:22:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006911; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006911; rev:6;)

Added 2009-07-29 15:22:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006911; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006911; rev:5;)

Added 2009-02-13 19:15:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006911; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006911; rev:5;)

Added 2009-02-13 19:15:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; sid:2006911; rev:4;)

Added 2008-08-27 11:15:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; sid:2006911; rev:4;)

Added 2008-08-27 11:15:21 UTC


alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; sid:2006911; rev:3;)

Added 2008-03-09 19:05:29 UTC


alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; classtype:trojan-activity; sid:2006911; rev:3;)

Added 2008-03-09 19:05:29 UTC


alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; flowbits:set,BE.trojan; classtype:trojan-activity; sid:2006911; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; flowbits:set,BE.trojan; classtype:trojan-activity; sid:2006911; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp any any -> any any (msg: "BLEEDING-EDGE TROJAN perlb0t/w0rmb0t Response (Case 2)"; flowbits:isset,is_proto_irc; content:"|3A 02 03|4|5B|"; content:"|03 02|"; within: 32; pcre:"/\x3A\x02\x034\x5B(BackConnect?|help|HTTP.*|SCAN|TCP.*|UDP.*|VERSION)\x5D\x03\x02/i"; flowbits:set,BE.trojan; classtype:trojan-activity; sid:2006911; rev:1;)

Added 2007-08-10 01:20:19 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats