# Retired signature: the line is commented out and its msg carries the "ET DELETED"
# prefix, so a sensor loading it as-is does not evaluate it.
# If enabled, it inspects established client-to-server TCP traffic from $HOME_NET to
# $EXTERNAL_NET port 443 and requires the bytes 0x07 0x46 ("|07|F") within the first
# two payload bytes (depth:2).
# flowbits:isset,ET.inj.ajq.1 gates the alert on a flowbit that another rule must have
# set earlier on the same flow. That setter is not shown on this page (presumably the
# "packet 1" companion rule -- confirm before re-enabling).
# NOTE(review): a two-byte match is weak on its own. Without the flowbit gate it would
# be prone to false positives, and if no loaded rule sets the flowbit it can never fire.
#alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET DELETED Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; reference:url,doc.emergingthreats.net/2008059; classtype:trojan-activity; sid:2008059; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:16 UTC


# Retired rev:5 snapshot, commented out with a double '#'. Its options match the
# 2017-08-07 entry on this page except that the metadata: keyword is absent.
# Match logic: first two payload bytes 0x07 0x46 on an established to-server flow to
# port 443, and only when flowbit ET.inj.ajq.1 is already set on that flow.
##alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET DELETED Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; reference:url,doc.emergingthreats.net/2008059; classtype:trojan-activity; sid:2008059; rev:5;)

Added 2015-10-05 19:05:52 UTC


# First snapshot on this page with the "ET DELETED" msg prefix. It is still rev:4 and
# is commented out with a double '#'.
# The detection options are unchanged from the active rev:4 entries on this page:
# "|07|F" within depth:2, gated by flowbits:isset,ET.inj.ajq.1.
##alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET DELETED Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; reference:url,doc.emergingthreats.net/2008059; classtype:trojan-activity; sid:2008059; rev:4;)

Added 2012-01-12 22:16:40 UTC


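length = 1338 bytes (hex dump follows; it begins with 07 46, the two bytes that the rule's content:"|07|F"; depth:2 matches)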

000 : 07 46 90 AB 73 47 9F C3 0D 19 20 B2 62 C5 D0 CC   .F..sG.... .b...
010 : 7B 3E FB CF 4D 85 96 F3 80 F8 0F 7C 66 39 56 FB   {>..M......|f9V.
020 : ED 28 69 45 3E 4A 3B 08 34 BB AB 48 F4 09 F1 4D   .(iE>J;.4..H...M
030 : EB 38 D4 28 35 F7 E6 C5 36 C4 70 5C 82 49 E6 7E   .8.(5...6.p\.I.~
040 : 7E B5 CA 49 45 FC 2A 9B 41 B3 76 1C 72 7A D2 6D   ~..IE.*.A.v.rz.m
050 : EE 31 93 9A F8 E3 F0 FB 13 9D 69 12 55 3E 66 DC   .1........i.U>f.
060 : 82 D5 96 B0 87 80 CA 0C 20 ED 95 14 68 54 BD 2E   ........ ...hT..
070 : DB 8C 63 2B FD 6B E9 C8 5E 66 E9 A6 F1 AF CC 7C   ..c+.k..^f.....|
080 : 72 8B DF A0 E6 27 AA 54 C3 47 4D 8C 60 1E 2D 2E   r....'.T.GM.`.-.
090 : DA EF D0 91 8C C4 35 C8 8C 40 2D 02 9B A5 89 08   ......5..@-.....
0a0 : FE 87 25 F1 73 CE 08 5E 65 D2 A6 B3 ED 43 8F 29   ..%.s..^e....C.)
0b0 : 9D 26 2C 61 6D FF 62 13 DE C3 4D 78 91 AE 81 5A   .&,am.b...Mx...Z
0c0 : F6 89 94 21 7F 55 58 C2 B8 C3 CB CC AD D6 E4 E9   ...!UX.........
0d0 : 63 AE 66 B8 E2 45 AB 74 73 2B 6F 1A 40 5C 3C F4   c.f..E.ts+o.@\<.
0e0 : 17 E7 C5 A0 E0 E8 9E E1 65 8E 4E 90 86 D5 58 78   ........e.N...Xx
0f0 : 38 8E F5 A0 28 48 8E 62 A1 D5 07 E1 25 4E 6F E7   8...(H.b....%No.
100 : 17 E5 7C 27 D6 AB 79 97 BF 06 B0 EF 63 AB C8 B8   ..|'..y.....c...
110 : C4 F7 B2 03 A3 E7 C2 63 96 58 72 37 45 1F E7 18   .......c.Xr7E...
120 : 5E E7 DF 31 96 37 C1 E4 80 E5 7D 05 39 E5 55 C2   ^..1.7....}.9.U.
130 : E0 B5 B9 C7 FA 2B BC 3A E4 E7 42 46 C2 03 E1 2B   .....+.:..BF...+
140 : 70 BE 29 26 42 8A 0D F7 D2 29 B2 C2 BF 1B 3F BF   p.)&B....)....?.
150 : 5C A4 0F 9A 77 CA E6 57 D8 D8 C3 2B 17 E0 42 2A   \...w..W...+..B*
160 : 22 79 7D 12 8B B9 D9 13 F1 17 F4 14 8A EC 1B 01   "y}.............
170 : D0 4F 75 E0 90 28 82 6B 7E 64 DE 39 5A F5 19 4A   .Ou..(.k~d.9Z..J
180 : D3 5E 98 99 77 CB 7A 2A 82 08 C7 86 93 D2 27 99   .^..w.z*......'.
190 : 65 2A 8B A9 58 8F F2 03 65 2F 7B 04 72 B4 AA A7   e*..X...e/{.r...
1a0 : 7A 8E 13 05 51 B4 33 A0 DC 29 E4 1D 85 3F 37 4F   z...Q.3..)...?7O
1b0 : 68 6A 2C 7D DC 95 8E 74 94 49 D7 89 C7 A3 4C DF   hj,}...t.I....L.
1c0 : 70 22 E8 16 A0 EB E3 FE 4C 7B 83 73 E7 E8 5F B9   p"......L{.s.._.
1d0 : 8E 01 F4 7E 38 1C AD D1 A5 C4 D8 3E 4D 08 BA B9   ...~8......>M...
1e0 : A3 6A BA 00 C0 DB 62 96 D8 1A C6 98 AB 27 00 91   .j....b......'..
1f0 : DE 41 18 9C 31 B6 68 60 69 FA 47 07 A0 5C D9 1C   .A..1.h`i.G..\..
200 : 21 6D A3 0D 56 D8 4B 8F A0 B9 0F 0A 43 3E A1 88   !m..V.K.....C>..
210 : 2F EA EA D8 AD 66 F9 3E 8A 78 9B 44 E8 8D FF AC   /....f.>.x.D....
220 : A4 81 49 2A 06 3B F2 02 58 4F 60 51 37 94 EE 2E   ..I*.;..XO`Q7...
230 : E4 9C D4 92 D3 9B 95 A9 14 36 2A 20 16 72 4B 61   .........6* .rKa
240 : 0A E1 FB 2D CC 78 4E 1C C5 C8 3B B9 E6 54 15 F4   ...-.xN...;..T..
250 : E1 F9 33 EC 81 F2 9C 4D DE 0B 68 0B F8 83 1C CC   ..3....M..h.....
260 : 90 EF 82 83 08 96 89 E3 AA 0B 9D F1 4C 24 DA 85   ............L$..
270 : 19 A9 0E 85 64 6B 05 C6 7E DF 4A 5A EE A0 29 F6   ....dk..~.JZ..).
280 : D9 7B 34 F8 E6 C1 1C 9D DC 33 22 61 1A 16 B2 D8   .{4......3"a....
290 : F9 8A 4B CF FE CC C0 FD 3A E9 42 89 3C F3 A8 BC   ..K.....:.B.<...
2a0 : 5D 5F 42 F6 CB 5D 52 9F 13 6B 4A 26 D0 C9 FC 81   ]_B..]R..kJ&....
2b0 : 75 69 31 B7 51 9C A2 0D 57 D1 B4 C4 C5 46 24 D4   ui1.Q...W....F$.
2c0 : 12 BF BE A7 EC D7 60 0A 82 D5 19 EC F1 06 A6 37   ......`........7
2d0 : 44 63 0C CE 06 C2 09 E0 6F AF FA AF 2F 9A 3F E6   Dc......o.../.?.
2e0 : 69 D1 5E 70 61 B7 0B 35 11 FA B9 CA E6 04 E4 BC   i.^pa..5........
2f0 : 7F 6A D8 FD 65 50 43 1B 52 EF 60 02 6E 95 58 B5   j..ePC.R.`.n.X.
300 : CB F7 FD 1D AA F4 0F 7F 66 26 A7 E7 13 58 E9 10   .......f&...X..
310 : EA 57 7A C4 0E 14 4A 7B AA 35 7D D6 93 92 90 1A   .Wz...J{.5}.....
320 : 37 95 C7 F9 71 E8 35 05 E5 79 2F 09 2E 6B CA CD   7...q.5..y/..k..
330 : 43 77 84 87 55 9A 33 B5 12 75 95 99 88 54 31 E2   Cw..U.3..u...T1.
340 : F3 5E BE 27 F7 06 F5 D9 F5 6F 13 B9 1A C0 F9 41   .^.'.....o.....A
350 : 8B 4F BF 81 9E 85 E2 BE 25 82 74 40 AB 66 8A F6   .O......%.t@.f..
360 : 1E BF 5B F0 B6 15 18 B0 2F E8 FD D5 2C DA EF 97   ..[...../...,...
370 : B1 B3 0D 15 3E 99 71 CC FB 2C 1D 7F A0 DE DE B4   ....>.q..,.....
380 : 37 13 2D 87 15 3A C8 5D ED 78 8A 74 25 A4 65 CF   7.-..:.].x.t%.e.
390 : 95 A1 DA DC 39 2B 1D 71 62 AD 99 98 A7 0F EF A9   ....9+.qb.......
3a0 : 2B 98 AB E2 CF C0 16 BF 44 B9 DB 2A 7B 29 5E B0   +.......D..*{)^.
3b0 : DD BD 7A 08 CF 74 CB F5 B6 2D D4 D1 0B 2D 39 EA   ..z..t...-...-9.
3c0 : 9D 4A A7 DB 75 0E E6 B1 32 84 76 E0 41 9F 3B 15   .J..u...2.v.A.;.
3d0 : 71 B2 EB B9 6A 85 EE C6 D4 4A 9F AA D3 13 E7 2E   q...j....J......
3e0 : 39 F6 AB 8A CD D9 AA 20 3B A0 67 86 F1 2E BE A1   9...... ;.g.....
3f0 : E8 FC 96 28 4D FE FE 97 43 8A 92 C2 9C 37 76 5C   ...(M...C....7v\
400 : BC F3 E7 56 6F D7 20 04 F7 C6 6B AD 32 66 B7 01   ...Vo. ...k.2f..
410 : 07 C8 51 D5 F2 9B 22 A4 74 BF E0 38 92 E3 2A 39   ..Q...".t..8..*9
420 : 4B BB 22 D5 EA E1 EB 4C 22 2B 94 C4 F1 A9 81 C8   K."....L"+......
430 : 77 85 A6 E1 78 04 08 46 A5 49 B3 B4 FC 99 EB 26   w...x..F.I.....&
440 : 3D EA E1 E0 3C 04 11 B3 DA 7F A9 B8 B4 24 C4 02   =...<.......$..
450 : 1E 98 FF C8 9D 89 33 91 55 E8 65 24 EE 88 7B A6   ......3.U.e$..{.
460 : 66 66 6F 5C 30 94 8C 41 C7 54 CA F5 98 9C D7 A4   ffo\0..A.T......
470 : D0 82 8E A3 A5 39 89 8E 83 3C D9 DA 78 11 8B 4F   .....9...<..x..O
480 : 5A 9F 4B 0E 14 D8 A8 64 A6 29 D2 CC 09 44 B7 38   Z.K....d.)...D.8
490 : 3B DF 79 E2 36 92 87 25 40 59 6C FD 5B C6 76 A3   ;.y.6..%@Yl.[.v.
4a0 : 0A 50 16 91 00 67 B7 2B B6 E7 2C D6 FD E8 9C 68   .P...g.+..,....h
4b0 : 75 33 ED 1E 3D 32 FB 91 B8 A9 CC 82 5A 7A CB A6   u3..=2......Zz..
4c0 : DC 83 D9 7F C9 EC B9 14 1C 4C C7 B1 FB EC CE A5   ........L......
4d0 : DB EF 55 C6 4B 37 D5 14 41 4B 1B C6 95 42 D7 04   ..U.K7..AK...B..
4e0 : C2 A6 85 20 9B 8D 0D 1B F2 68 29 34 C5 57 87 7D   ... .....h)4.W.}
4f0 : BA 68 69 D9 8D BE 82 62 D2 D7 85 05 78 E1 0E 58   .hi....b....x..X
500 : 8C 28 B0 1C 7D 7F AD A9 76 4E 52 9A 2D 12 DA E8   .(..}..vNR.-...
510 : 89 ED D8 6E C2 70 AF 33 54 5E FD AB 5D A7 AA E8   ...n.p.3T^..]...
520 : 8B 18 1D C2 D2 F5 62 72 AA 7A A3 3A 5B C9 FE 7B   ......br.z.:[..{
530 : C0 B3 D2 C2 05 3F 67 46 38 9E                     .....?gF8.

-- MainGoAce - 2013-04-24


# Active rev:4 form ("ET TROJAN" msg prefix, not commented out).
# Scope: established client-to-server TCP from $HOME_NET to $EXTERNAL_NET port 443.
# Match: bytes 0x07 0x46 within the first two payload bytes (depth:2). The hex dump
# on this page starts with those bytes.
# Gate: flowbits:isset,ET.inj.ajq.1 -- the rule that sets this flowbit is not on this
# page, and this rule cannot alert unless that setter is loaded and has matched first.
# NOTE(review): 0x07 0x46 does not look like a TLS record header (those begin with a
# content-type byte in the 0x14-0x18 range), so this presumably targets a custom
# protocol on port 443 -- confirm against a capture. The '?' in msg suggests the CnC
# attribution was tentative.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; reference:url,doc.emergingthreats.net/2008059; classtype:trojan-activity; sid:2008059; rev:4;)

Added 2011-10-12 19:24:22 UTC


# rev:4 snapshot in which classtype precedes the reference: option. It has the same
# option set as the 2011-10-12 entry on this page, in a different order.
# Only the doc.emergingthreats.net reference is present in this snapshot.
# Detection is the two-byte "|07|F" match at depth:2, gated by flowbits:isset.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; sid:2008059; rev:4;)

Added 2011-09-14 22:37:51 UTC


# rev:4 snapshot carrying two reference: options, the doc.emergingthreats.net page and
# a cvsweb path. reference: is informational and does not affect matching.
# Detection: "|07|F" in the first two payload bytes of an established to-server flow to
# port 443, alerting only if ET.inj.ajq.1 was set earlier on the flow.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2011-02-04 17:27:10 UTC


# rev:4 snapshot recorded 2009-02-13 19:47:26 UTC. The page lists this timestamp twice
# with identical rule text.
# Two-byte payload match ("|07|F", depth:2) on to-server traffic to port 443, gated by
# flowbits:isset,ET.inj.ajq.1.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:47:26 UTC


# Duplicate of the other 2009-02-13 19:47:26 UTC entry on this page (same rev:4 text).
# The alert depends on flowbit ET.inj.ajq.1 having been set by a rule not shown here.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:47:26 UTC


# rev:4 snapshot recorded 2009-02-13 19:46:39 UTC. The rule text is the same as the
# other 2009-02-13 entries on this page.
# depth:2 anchors the "|07|F" match to the start of the payload. flowbits:isset makes
# the alert conditional on an earlier match elsewhere in the ruleset.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:46:39 UTC


# Duplicate of the other 2009-02-13 19:46:39 UTC entry on this page (same rev:4 text).
# The sid and rev are unchanged, so a ruleset must load only one copy of this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:46:39 UTC


# Earliest rev:4 snapshot on this page (2009-02-13 19:45:24 UTC). Compared with the
# rev:3 entries shown here, it adds the two reference: options and keeps the detection
# options ("|07|F", depth:2, flowbits:isset,ET.inj.ajq.1) as they were.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:45:24 UTC


# Duplicate of the other 2009-02-13 19:45:24 UTC entry on this page (same rev:4 text).
# The match is two bytes at the start of the payload and relies on the flowbit gate
# for specificity.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Inject; sid:2008059; rev:4;)

Added 2009-02-13 19:45:24 UTC


# rev:3 has no reference: options. Relative to the rev:1 entry on this page it adds
# depth:2, which anchors "|07|F" to the first two payload bytes, and it uses
# flowbits:isset instead of flowbits:set, so the rule now requires ET.inj.ajq.1
# rather than setting it.
# No rev:2 text appears on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; sid:2008059; rev:3;)

Added 2008-03-26 17:32:36 UTC


# Duplicate of the other 2008-03-26 17:32:36 UTC entry on this page (same rev:3 text).
# It alerts only when ET.inj.ajq.1 is already set on the flow and the payload starts
# with 0x07 0x46.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; depth:2; flowbits:isset,ET.inj.ajq.1; classtype:trojan-activity; sid:2008059; rev:3;)

Added 2008-03-26 17:32:36 UTC


# rev:1 is the oldest snapshot on this page. It differs from the later revisions shown
# here in two ways. There is no depth:2, so "|07|F" may match anywhere in the payload.
# The flowbits action is set rather than isset, so this version alerts and sets
# ET.inj.ajq.1 instead of requiring it.
# NOTE(review): as written this fires on any established to-server packet to port 443
# that contains those two bytes, which looks unintended for a "packet 2" rule. rev:3
# on this page anchors the match and switches to isset.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Win32.Inject.ajq Initial Checkin to CnC? packet 2 port 443"; flow:established,to_server; content:"|07|F"; flowbits:set,ET.inj.ajq.1; classtype:trojan-activity; sid:2008059; rev:1;)

Added 2008-03-26 17:00:38 UTC


Topic revision: r3 - 2013-05-08 - MattJonkman
 