#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"User-Agent|3a| WinButler?|0d 0a|"; http_header; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; reference:url,doc.emergingthreats.net/2008190; classtype:trojan-activity; sid:2008190; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-11-10 16:17:50 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"User-Agent|3a| WinButler?|0d 0a|"; http_header; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; reference:url,doc.emergingthreats.net/2008190; classtype:trojan-activity; sid:2008190; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"User-Agent|3a| WinButler?|0d 0a|"; http_header; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; reference:url,doc.emergingthreats.net/2008190; classtype:trojan-activity; sid:2008190; rev:6;)

Added 2011-12-16 18:53:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"User-Agent|3a| WinButler?|0d 0a|"; http_header; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; reference:url,doc.emergingthreats.net/2008190; classtype:trojan-activity; sid:2008190; rev:6;)

Added 2011-10-12 19:24:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"User-Agent|3a| WinButler?|0d 0a|"; http_header; classtype:trojan-activity; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; reference:url,doc.emergingthreats.net/2008190; sid:2008190; rev:6;)

Added 2011-09-14 22:38:05 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"User-Agent|3a| WinButler?|0d 0a|"; http_header; classtype:trojan-activity; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; reference:url,doc.emergingthreats.net/2008190; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_WinButler; sid:2008190; rev:6;)

Added 2011-02-04 17:27:17 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"|0d 0a|User-Agent\: WinButler?|0d 0a|"; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008190; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_WinButler; sid:2008190; rev:4;)

Added 2009-11-25 11:39:03 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"|0d 0a|User-Agent\: WinButler?|0d 0a|"; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008190; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_WinButler; sid:2008190; rev:4;)

Added 2009-11-25 11:39:03 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"|0d 0a|User-Agent\: WinButler?|0d 0a|"; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008190; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2008190; rev:2;)

Added 2009-02-09 22:22:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE WinButler? User-Agent (WinButler?)"; flow:to_server,established; content:"|0d 0a|User-Agent\: WinButler?|0d 0a|"; reference:url,www.winbutler.com; reference:url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html; classtype:trojan-activity; sid:2008190; rev:1;)

Added 2008-05-09 17:01:40 UTC


Topic revision: r1 - 2017-11-10 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats