Main Webalert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Emogen Infection Checkin Initial Packet"; flow:established,to_server; dsize:<100; content:"|00 00 00 00 00 00|WindowsXP|00 00 00|"; flowbits:set,ET.emogen1; flowbits:noalert; classtype:trojan-activity; sid:2008269; rev:2;) Added 2008-06-24 23:26:43 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Emogen Infection Checkin Initial Packet"; flow:established,to_server; dsize:<100; content:"|00 00 00 00 00 00|WindowsXP|00 00 00|"; flowbits:set,ET.emogen1; flowbits:noalert; classtype:trojan-activity; sid:2008269; rev:2;) Added 2008-06-24 23:26:43 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Emogen Infection Checkin Initial Packet"; flow:established,to_server; dsize:<100; content:"|00 00 00 00 00 00|WindowsXP|00 00 00|"; flowbits:set,ET.emogen1; flowbits:noalert; classtype:trojan-activity; sid:2008269; rev:2;) Added 2008-06-24 23:24:11 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Emogen Infection Checkin Initial Packet"; flow:established,to_server; dsize:<100; content:"|00 00 00 00 00 00|WindowsXP|00 00 00|"; flowbits:set,ET.emogen1; flowbits:noalert; classtype:trojan-activity; sid:2008269; rev:2;) Added 2008-06-24 23:24:11 UTC
alert tcp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Emogen Infection Checkin Initial Packet"; flow:established,to_server; dsize:<100; content:"|00 00 00 00 00 00|WindowsXP|00 00 00|"; flowbits:set,ET.emogen1; flowbits:noalert; classtype:trojan-activity; sid:2008269; rev:1;) Added 2008-05-29 17:33:00 UTC See TrojanEmogen -- MattJonkman - 29 May 2008
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback