alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; metadata: former_category TROJAN; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; classtype:trojan-activity; sid:2008017; rev:4; metadata:created_at 2010_07_30, updated_at 2017_05_11;)

Added 2017-08-07 21:01:13 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; classtype:trojan-activity; sid:2008017; rev:4;)

Added 2017-05-12 14:59:42 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; classtype:trojan-activity; sid:2008017; rev:3;)

Added 2011-10-12 19:24:16 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; sid:2008017; rev:3;)

Added 2011-09-14 22:37:45 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Philis; sid:2008017; rev:3;)

Added 2011-02-04 17:27:07 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Philis; sid:2008017; rev:3;)

Added 2009-02-13 19:30:24 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; reference:url,doc.emergingthreats.net/2008017; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Philis; sid:2008017; rev:3;)

Added 2009-02-13 19:30:24 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; sid:2008017; rev:2;)

Added 2008-03-18 22:28:50 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; sid:2008017; rev:2;)

Added 2008-03-18 22:28:50 UTC


alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello, World)"; icode:0; itype:0; dsize:11; content:"Hello, World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; sid:2008017; rev:1;)

Added 2008-03-18 22:19:54 UTC

This is any to any because most pinging will be local net to local net. But it'll be interesting if you see these coming in from the outside. As it's setup that's unlikely to happen, and will indicate a shift in tactics.

-- MattJonkman - 19 Mar 2008


Topic revision: r2 - 2008-03-19 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats