#alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET DELETED NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; http_method; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; fast_pattern; nocase; within:100; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; reference:url,doc.emergingthreats.net/2007748; classtype:trojan-activity; sid:2007748; rev:8;)

Added 2013-02-20 05:32:06 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; http_method; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; fast_pattern; nocase; within:100; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; reference:url,doc.emergingthreats.net/2007748; classtype:trojan-activity; sid:2007748; rev:7;)

Added 2011-10-12 19:23:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; http_method; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; fast_pattern; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; reference:url,doc.emergingthreats.net/2007748; sid:2007748; rev:7;)

Added 2011-09-14 22:37:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; http_method; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; fast_pattern; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; reference:url,doc.emergingthreats.net/2007748; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_NPRC; sid:2007748; rev:7;)

Added 2011-02-04 17:26:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 ( msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST "; nocase; offset:0; depth:5; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; reference:url,doc.emergingthreats.net/2007748; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_NPRC; sid:2007748; rev:4;)

Added 2009-03-13 20:47:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 ( msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST "; nocase; offset:0; depth:5; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; reference:url,doc.emergingthreats.net/2007748; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_NPRC; sid:2007748; rev:4;)

Added 2009-03-13 20:47:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 ( msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; offset:0; depth:4; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; reference:url,doc.emergingthreats.net/2007748; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_NPRC; sid:2007748; rev:3;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 ( msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; offset:0; depth:4; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; reference:url,doc.emergingthreats.net/2007748; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_NPRC; sid:2007748; rev:3;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 ( msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; offset:0; depth:4; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; sid:2007748; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 80 ( msg:"ET TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; offset:0; depth:4; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; sid:2007748; rev:2;)

Added 2008-01-31 10:12:23 UTC


Topic revision: r1 - 2013-02-20 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats